diff --git a/Makefile b/Makefile
index f81ba58c7..b5d86e512 100644
--- a/Makefile
+++ b/Makefile
@@ -1,2 +1,5 @@
 all:
 	cd funnel/assets; make
+
+build:
+	cd funnel/assets; make assetsonly
diff --git a/funnel/assets/cypress/fixtures/profile.json b/funnel/assets/cypress/fixtures/profile.json
new file mode 100644
index 000000000..489e2b593
--- /dev/null
+++ b/funnel/assets/cypress/fixtures/profile.json
@@ -0,0 +1,5 @@
+{
+  "title": "testcypressproject",
+  "description": "Lorem ipsum dolor sit amet, consectetur adipiscing elit",
+  "logo_url": "https://images.hasgeek.com/embed/file/fa971c8b503941de9f6ef5c53af02be7"
+}
diff --git a/funnel/assets/cypress/fixtures/user.json b/funnel/assets/cypress/fixtures/user.json
index c582c7648..c7c963f22 100644
--- a/funnel/assets/cypress/fixtures/user.json
+++ b/funnel/assets/cypress/fixtures/user.json
@@ -1,8 +1,24 @@
 {
+  "owner": {
+    "username": "profile-cypress",
+    "password": "cypress123"
+  },
   "admin": {
     "username": "admin-user",
     "password": "cypress129"
   },
+  "concierge": {
+    "username": "concierge-user",
+    "password": "cypress341"
+  },
+  "usher": {
+    "username": "usher-cypress",
+    "password": "cypress566"
+  },
+  "editor": {
+    "username": "editor-cypress",
+    "password": "cypress900"
+  },
   "user": {
     "username": "member-user",
     "password": "cypress341"
diff --git a/funnel/assets/cypress/integration/00_addProfile.js b/funnel/assets/cypress/integration/00_addProfile.js
new file mode 100644
index 000000000..6d755aef1
--- /dev/null
+++ b/funnel/assets/cypress/integration/00_addProfile.js
@@ -0,0 +1,20 @@
+describe('Profile', function() {
+  const owner = require('../fixtures/user.json').owner;
+  const profile = require('../fixtures/profile.json');
+
+  it('Create a new profile', function() {
+    cy.login('/organizations', owner.username, owner.password);
+
+    cy.get('a')
+      .contains('new organization')
+      .click();
+    cy.location('pathname').should('contain', '/new');
+
+    cy.get('#title').type(profile.title);
+    cy.get('#name').type(profile.title);
+    cy.get('#is_public_profile').click();
+    cy.get('button')
+      .contains('Next')
+      .click();
+  });
+});
diff --git a/funnel/assets/cypress/integration/01_addCrewtoProfile.js b/funnel/assets/cypress/integration/01_addCrewtoProfile.js
new file mode 100644
index 000000000..a0b51fdc7
--- /dev/null
+++ b/funnel/assets/cypress/integration/01_addCrewtoProfile.js
@@ -0,0 +1,52 @@
+describe('Adding crew to profile', function() {
+  const owner = require('../fixtures/user.json').owner;
+  const admin = require('../fixtures/user.json').admin;
+  const profile = require('../fixtures/profile.json');
+
+  Cypress.on('uncaught:exception', (err, runnable) => {
+    return false;
+  });
+
+  it('Add new member to profile and edit roles', function() {
+    cy.server();
+    cy.route('**/edit').as('edit-form');
+    cy.route('POST', '**/edit').as('edit-member');
+    cy.route('GET', '**/delete').as('delete-form');
+    cy.route('POST', '**/delete').as('delete-member');
+
+    cy.login('/' + profile.title, owner.username, owner.password);
+    cy.get('a[data-cy-btn="profile-crew"]').click();
+
+    cy.add_member(admin.username, 'owner');
+
+    cy.get('[data-cy="member"]')
+      .contains(admin.username)
+      .click();
+    cy.wait('@edit-form');
+    cy.get('button[data-cy-btn="revoke"]').click();
+    cy.wait('@delete-form');
+    cy.get('button')
+      .contains('Delete')
+      .click();
+    cy.wait('@delete-member');
+    cy.get('[data-cy="member"]')
+      .contains(admin.username)
+      .should('not.exist');
+
+    cy.add_member(admin.username, 'owner');
+    cy.get('[data-cy="member"]')
+      .contains(admin.username)
+      .click();
+    cy.wait('@edit-form');
+    cy.get('#is_owner-0').click();
+    cy.get('button')
+      .contains('Edit membership')
+      .click();
+    cy.wait('@edit-member');
+    cy.get('[data-cy="member"]')
+      .contains(admin.username)
+      .parents('.user-box')
+      .find('[data-cy="role"]')
+      .contains('Admin');
+  });
+});
diff --git a/funnel/assets/cypress/integration/02_verifyAdminRoles.js b/funnel/assets/cypress/integration/02_verifyAdminRoles.js
new file mode 100644
index 000000000..61a8648ff
--- /dev/null
+++ b/funnel/assets/cypress/integration/02_verifyAdminRoles.js
@@ -0,0 +1,29 @@
+describe('Profile admin roles', function() {
+  const owner = require('../fixtures/user.json').owner;
+  const admin = require('../fixtures/user.json').admin;
+  const profile = require('../fixtures/profile.json');
+
+  it('Check roles of profile admins', function() {
+    cy.login('/' + profile.title, admin.username, admin.password);
+
+    cy.get('a[data-cy-btn="edit-details"]').click();
+    cy.get('#field-description')
+      .find('.CodeMirror textarea')
+      .type(profile.description, { force: true });
+    cy.get('#logo_url').type(profile.logo_url);
+    cy.get('button')
+      .contains('Save changes')
+      .click();
+
+    cy.get('a[data-cy-btn="profile-crew"]').click();
+    cy.get('button[data-cy-btn="add-member"]').should('not.exist');
+    cy.get('[data-cy="member"]')
+      .contains(admin.username)
+      .click();
+    cy.get('#member-form', { timeout: 10000 }).should('not.be.visible');
+    cy.get('[data-cy="member"]')
+      .contains(owner.username)
+      .click();
+    cy.get('#member-form', { timeout: 10000 }).should('not.be.visible');
+  });
+});
diff --git a/funnel/assets/cypress/integration/01_createproject.js b/funnel/assets/cypress/integration/03_createProject.js
similarity index 89%
rename from funnel/assets/cypress/integration/01_createproject.js
rename to funnel/assets/cypress/integration/03_createProject.js
index e0094d66b..994f622c0 100644
--- a/funnel/assets/cypress/integration/01_createproject.js
+++ b/funnel/assets/cypress/integration/03_createProject.js
@@ -1,9 +1,10 @@
 describe('Project', function() {
   const admin = require('../fixtures/user.json').admin;
+  const profile = require('../fixtures/profile.json');
   const project = require('../fixtures/project.json');
 
   it('Create a new project', function() {
-    cy.login('/testcypressproject', admin.username, admin.password);
+    cy.login('/' + profile.title, admin.username, admin.password);
 
     cy.get('a[data-cy="new-project"]').click();
     cy.location('pathname').should('contain', '/new');
diff --git a/funnel/assets/cypress/integration/04_addCrewtoProject.js b/funnel/assets/cypress/integration/04_addCrewtoProject.js
new file mode 100644
index 000000000..431a5d67c
--- /dev/null
+++ b/funnel/assets/cypress/integration/04_addCrewtoProject.js
@@ -0,0 +1,31 @@
+describe('Adding crew', function() {
+  const owner = require('../fixtures/user.json').owner;
+  const admin = require('../fixtures/user.json').admin;
+  const concierge = require('../fixtures/user.json').concierge;
+  const usher = require('../fixtures/user.json').usher;
+  const editor = require('../fixtures/user.json').editor;
+  const profile = require('../fixtures/profile.json');
+  const project = require('../fixtures/project.json');
+
+  Cypress.on('uncaught:exception', (err, runnable) => {
+    return false;
+  });
+
+  it('Add crew to project', function() {
+    cy.login('/' + profile.title, admin.username, admin.password);
+    cy.get('[data-cy-project="' + project.title + '"]')
+      .first()
+      .click();
+    cy.location('pathname').should('contain', project.url);
+    cy.get('a[data-cy-navbar="crew"]').click();
+    cy.get('[data-cy="member"]')
+      .contains(admin.username)
+      .parents('.user-box')
+      .find('[data-cy="role"]')
+      .contains('Editor');
+
+    cy.add_member(concierge.username, 'concierge');
+    cy.add_member(usher.username, 'usher');
+    cy.add_member(editor.username, 'editor');
+  });
+});
diff --git a/funnel/assets/cypress/integration/05_verifyEditorRoles.js b/funnel/assets/cypress/integration/05_verifyEditorRoles.js
new file mode 100644
index 000000000..748496a35
--- /dev/null
+++ b/funnel/assets/cypress/integration/05_verifyEditorRoles.js
@@ -0,0 +1,33 @@
+describe('Verify roles of editor', function() {
+  const editor = require('../fixtures/user.json').editor;
+  const profile = require('../fixtures/profile.json');
+  const project = require('../fixtures/project.json');
+
+  it('Access available for editor in project settings', function() {
+    // Failing now - project in draft state is not visible to editor
+    // cy.login('/' + profile.title +, editor.username, editor.password);
+    // cy.get('[data-cy-project="' + project.title + '"]')
+    //   .first()
+    //   .click();
+
+    cy.login(
+      '/' + profile.title + '/' + project.url,
+      editor.username,
+      editor.password
+    );
+    cy.location('pathname').should('contain', project.url);
+    cy.get('a[data-cy-navbar="settings"]').click();
+    cy.location('pathname').should('contain', 'settings');
+    cy.get('a[data-cy="edit"]').should('exist');
+    cy.get('a[data-cy="add-livestream"]').should('exist');
+    cy.get('a[data-cy="manage-venues"]').should('exist');
+    cy.get('a[data-cy="add-cfp"]').should('exist');
+    cy.get('a[data-cy="edit-schedule"]').should('exist');
+    cy.get('a[data-cy="manage-labels"]').should('exist');
+    cy.get('a[data-cy="setup-events"]').should('not.exist');
+    cy.get('a[data-cy="scan-checkin"]').should('not.exist');
+    cy.get('a[data-cy="download-csv"]').should('exist');
+    cy.get('a[data-cy="download-json"]').should('exist');
+    cy.get('a[data-cy="download-schedule-json"]').should('exist');
+  });
+});
diff --git a/funnel/assets/cypress/integration/06_confirmProposeBtn.js b/funnel/assets/cypress/integration/06_confirmProposeBtn.js
deleted file mode 100644
index 1d261f7d0..000000000
--- a/funnel/assets/cypress/integration/06_confirmProposeBtn.js
+++ /dev/null
@@ -1,19 +0,0 @@
-describe('Confirm propose button', function() {
-  const proposal = require('../fixtures/proposal.json');
-  const project = require('../fixtures/project.json');
-  const labels = require('../fixtures/labels.json');
-
-  it('Confirm Add proposal button', function() {
-    cy.visit('/testcypressproject');
-
-    cy.get('a[data-cy-project="' + project.title + '"]').click();
-    cy.location('pathname').should('contain', project.url);
-    cy.get('a[data-cy-navbar="proposals"]').click();
-    cy.location('pathname').should('contain', 'proposals');
-    cy.get('a[data-cy="propose-a-session"]').should('exist');
-
-    cy.get('a[data-cy="profile-link"]').click();
-    cy.location('pathname').should('contain', 'testcypressproject');
-    cy.get('[data-cy="profile-title"]').should('contain', 'testcypressproject');
-  });
-});
diff --git a/funnel/assets/cypress/integration/02_publishproject.js b/funnel/assets/cypress/integration/06_publishProject.js
similarity index 56%
rename from funnel/assets/cypress/integration/02_publishproject.js
rename to funnel/assets/cypress/integration/06_publishProject.js
index 990ecc37d..b55cb7da7 100644
--- a/funnel/assets/cypress/integration/02_publishproject.js
+++ b/funnel/assets/cypress/integration/06_publishProject.js
@@ -1,13 +1,21 @@
 describe('Publish project', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const editor = require('../fixtures/user.json').editor;
+  const profile = require('../fixtures/profile.json');
   const project = require('../fixtures/project.json');
 
   it('Publish project', function() {
-    cy.login('/testcypressproject', admin.username, admin.password);
+    // Failing now - project in draft state is not visible to editor
+    // cy.login('/' + profile.title, editor.username, editor.password);
+    // cy.get('[data-cy-project="' + project.title + '"]')
+    //   .first()
+    //   .click();
+
+    cy.login(
+      '/' + profile.title + '/' + project.url,
+      editor.username,
+      editor.password
+    );
 
-    cy.get('[data-cy-project="' + project.title + '"]')
-      .first()
-      .click();
     cy.location('pathname').should('contain', project.url);
     cy.get('a[data-cy-navbar="settings"]').click();
     cy.location('pathname').should('contain', 'settings');
diff --git a/funnel/assets/cypress/integration/03_managevenue.js b/funnel/assets/cypress/integration/07_manageVenue.js
similarity index 92%
rename from funnel/assets/cypress/integration/03_managevenue.js
rename to funnel/assets/cypress/integration/07_manageVenue.js
index 7674b23dd..247ea83e8 100644
--- a/funnel/assets/cypress/integration/03_managevenue.js
+++ b/funnel/assets/cypress/integration/07_manageVenue.js
@@ -1,12 +1,13 @@
 describe('Manage project venue', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const editor = require('../fixtures/user.json').editor;
+  const profile = require('../fixtures/profile.json');
   const project = require('../fixtures/project.json');
 
   it('Add venue', function() {
     cy.login(
-      '/testcypressproject/' + project.url,
-      admin.username,
-      admin.password
+      '/' + profile.title + '/' + project.url,
+      editor.username,
+      editor.password
     );
 
     cy.get('a[data-cy-navbar="settings"]').click();
diff --git a/funnel/assets/cypress/integration/04_addCFP.js b/funnel/assets/cypress/integration/08_addCFP.js
similarity index 86%
rename from funnel/assets/cypress/integration/04_addCFP.js
rename to funnel/assets/cypress/integration/08_addCFP.js
index 2791adb76..29e5e189c 100644
--- a/funnel/assets/cypress/integration/04_addCFP.js
+++ b/funnel/assets/cypress/integration/08_addCFP.js
@@ -1,13 +1,14 @@
 describe('Add CFP to project', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const editor = require('../fixtures/user.json').editor;
   const cfp = require('../fixtures/cfp.json');
+  const profile = require('../fixtures/profile.json');
   const project = require('../fixtures/project.json');
 
   it('Add CFP', function() {
     cy.login(
-      '/testcypressproject/' + project.url,
-      admin.username,
-      admin.password
+      '/' + profile.title + '/' + project.url,
+      editor.username,
+      editor.password
     );
 
     cy.get('a[data-cy-navbar="settings"]').click();
diff --git a/funnel/assets/cypress/integration/05_addLabels.js b/funnel/assets/cypress/integration/09_addLabels.js
similarity index 93%
rename from funnel/assets/cypress/integration/05_addLabels.js
rename to funnel/assets/cypress/integration/09_addLabels.js
index 64e6e748d..6f030a052 100644
--- a/funnel/assets/cypress/integration/05_addLabels.js
+++ b/funnel/assets/cypress/integration/09_addLabels.js
@@ -1,13 +1,14 @@
 describe('Add labels to project', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const editor = require('../fixtures/user.json').editor;
+  const profile = require('../fixtures/profile.json');
   const project = require('../fixtures/project.json');
   const labels = require('../fixtures/labels.json');
 
   it('Add labels', function() {
     cy.login(
-      '/testcypressproject/' + project.url,
-      admin.username,
-      admin.password
+      '/' + profile.title + '/' + project.url,
+      editor.username,
+      editor.password
     );
 
     cy.get('a[data-cy-navbar="settings"]').click();
@@ -102,8 +103,8 @@ describe('Add labels to project', function() {
       .trigger('mouseover', { which: 1, force: true, view: window })
       .trigger('mousedown', { which: 1, force: true, view: window })
       .trigger('mousemove', {
-        pageX: 230,
-        pageY: 550,
+        pageX: 500,
+        pageY: 610,
         force: true,
         view: window,
       })
diff --git a/funnel/assets/cypress/integration/08_respondToAttend.js b/funnel/assets/cypress/integration/10_respondToAttend.js
similarity index 100%
rename from funnel/assets/cypress/integration/08_respondToAttend.js
rename to funnel/assets/cypress/integration/10_respondToAttend.js
diff --git a/funnel/assets/cypress/integration/07_addProposal.js b/funnel/assets/cypress/integration/11_addProposal.js
similarity index 94%
rename from funnel/assets/cypress/integration/07_addProposal.js
rename to funnel/assets/cypress/integration/11_addProposal.js
index 4f1510908..118985eeb 100644
--- a/funnel/assets/cypress/integration/07_addProposal.js
+++ b/funnel/assets/cypress/integration/11_addProposal.js
@@ -1,11 +1,12 @@
 describe('Add a new proposal', function() {
   const user = require('../fixtures/user.json').user;
+  const profile = require('../fixtures/profile.json');
   const proposal = require('../fixtures/proposal.json');
   const project = require('../fixtures/project.json');
   const labels = require('../fixtures/labels.json');
 
   it('Add proposal', function() {
-    cy.login('/testcypressproject', user.username, user.password);
+    cy.login('/' + profile.title, user.username, user.password);
 
     cy.get('a[data-cy-project="' + project.title + '"]').click();
     cy.location('pathname').should('contain', project.url);
diff --git a/funnel/assets/cypress/integration/09_confirmProposal.js b/funnel/assets/cypress/integration/12_confirmProposal.js
similarity index 89%
rename from funnel/assets/cypress/integration/09_confirmProposal.js
rename to funnel/assets/cypress/integration/12_confirmProposal.js
index ae404f5ed..0f06a9f70 100644
--- a/funnel/assets/cypress/integration/09_confirmProposal.js
+++ b/funnel/assets/cypress/integration/12_confirmProposal.js
@@ -1,11 +1,12 @@
 describe('Confirm proposal', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const editor = require('../fixtures/user.json').editor;
+  const profile = require('../fixtures/profile.json');
   const proposal = require('../fixtures/proposal.json');
   const project = require('../fixtures/project.json');
   const labels = require('../fixtures/labels.json');
 
   it('Confirm proposal', function() {
-    cy.login('/testcypressproject', admin.username, admin.password);
+    cy.login('/' + profile.title, editor.username, editor.password);
 
     cy.get('a[data-cy-project="' + project.title + '"]').click();
     cy.location('pathname').should('contain', project.url);
diff --git a/funnel/assets/cypress/integration/11_addLivestream.js b/funnel/assets/cypress/integration/13_addLivestream.js
similarity index 84%
rename from funnel/assets/cypress/integration/11_addLivestream.js
rename to funnel/assets/cypress/integration/13_addLivestream.js
index 7903c8f8c..4027c2e6e 100644
--- a/funnel/assets/cypress/integration/11_addLivestream.js
+++ b/funnel/assets/cypress/integration/13_addLivestream.js
@@ -1,9 +1,10 @@
 describe('Add livestream', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const editor = require('../fixtures/user.json').editor;
+  const profile = require('../fixtures/profile.json');
   const project = require('../fixtures/project.json');
 
   it('Adding livestream youtube url to project', function() {
-    cy.login('/testcypressproject', admin.username, admin.password);
+    cy.login('/' + profile.title, editor.username, editor.password);
 
     cy.get('[data-cy-project="' + project.title + '"]')
       .first()
diff --git a/funnel/assets/cypress/integration/10_updateSchedule.js b/funnel/assets/cypress/integration/14_updateSchedule.js
similarity index 94%
rename from funnel/assets/cypress/integration/10_updateSchedule.js
rename to funnel/assets/cypress/integration/14_updateSchedule.js
index 7ba9fc3c3..0900d8630 100644
--- a/funnel/assets/cypress/integration/10_updateSchedule.js
+++ b/funnel/assets/cypress/integration/14_updateSchedule.js
@@ -1,7 +1,8 @@
 describe('Add session to schedule and publish', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const editor = require('../fixtures/user.json').editor;
   const session = require('../fixtures/session.json');
   const proposal = require('../fixtures/proposal.json');
+  const profile = require('../fixtures/profile.json');
   const project = require('../fixtures/project.json');
 
   it('Update schedule', function() {
@@ -11,7 +12,7 @@ describe('Add session to schedule and publish', function() {
     cy.route('**/schedule').as('session-form');
     cy.route('POST', '**/schedule').as('add-session');
 
-    cy.login('/testcypressproject', admin.username, admin.password);
+    cy.login('/' + profile.title, editor.username, editor.password);
 
     cy.get('a[data-cy-project="' + project.title + '"]').click();
     cy.location('pathname').should('contain', project.url);
diff --git a/funnel/assets/cypress/integration/15_verifyConciergeRoles.js b/funnel/assets/cypress/integration/15_verifyConciergeRoles.js
new file mode 100644
index 000000000..2a79d3ef3
--- /dev/null
+++ b/funnel/assets/cypress/integration/15_verifyConciergeRoles.js
@@ -0,0 +1,26 @@
+describe('Verify roles of concierge', function() {
+  const concierge = require('../fixtures/user.json').concierge;
+  const project = require('../fixtures/project.json');
+
+  it('Access available for concierge in project settings', function() {
+    cy.login('/', concierge.username, concierge.password);
+
+    cy.get('[data-cy-project="' + project.title + '"]')
+      .first()
+      .click();
+    cy.location('pathname').should('contain', project.url);
+    cy.get('a[data-cy-navbar="settings"]').click();
+    cy.location('pathname').should('contain', 'settings');
+    cy.get('a[data-cy="edit"]').should('not.exist');
+    cy.get('a[data-cy="add-livestream"]').should('not.exist');
+    cy.get('a[data-cy="manage-venues"]').should('not.exist');
+    cy.get('a[data-cy="add-cfp"]').should('not.exist');
+    cy.get('a[data-cy="edit-schedule"]').should('not.exist');
+    cy.get('a[data-cy="manage-labels"]').should('not.exist');
+    cy.get('a[data-cy="setup-events"]').should('exist');
+    cy.get('a[data-cy="scan-checkin"]').should('not.exist');
+    cy.get('a[data-cy="download-csv"]').should('exist');
+    cy.get('a[data-cy="download-json"]').should('exist');
+    cy.get('a[data-cy="download-schedule-json"]').should('exist');
+  });
+});
diff --git a/funnel/assets/cypress/integration/12_setupEvent.js b/funnel/assets/cypress/integration/16_setupEvent.js
similarity index 79%
rename from funnel/assets/cypress/integration/12_setupEvent.js
rename to funnel/assets/cypress/integration/16_setupEvent.js
index ad2e50699..bb6705f9b 100644
--- a/funnel/assets/cypress/integration/12_setupEvent.js
+++ b/funnel/assets/cypress/integration/16_setupEvent.js
@@ -1,19 +1,19 @@
 describe('Setup event for checkin', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const concierge = require('../fixtures/user.json').concierge;
   const project = require('../fixtures/project.json');
   const events = require('../fixtures/events.json');
   const participants = require('../fixtures/participants.json');
 
   it('Setup event for checkin', function() {
-    cy.login('/testcypressproject', admin.username, admin.password);
+    cy.login('/', concierge.username, concierge.password);
 
-    cy.get('[data-cy-project="' + project.title + '"]')
+    cy.get('[data-cy-title="' + project.title + '"]')
       .first()
       .click();
     cy.location('pathname').should('contain', project.url);
     cy.get('a[data-cy-navbar="settings"]').click();
     cy.location('pathname').should('contain', 'settings');
-    cy.get('a[data-cy="checkin"').click();
+    cy.get('a[data-cy="setup-events"').click();
     cy.location('pathname').should('contain', '/admin');
 
     cy.fixture('events').then(events => {
diff --git a/funnel/assets/cypress/integration/13_synctickets.js b/funnel/assets/cypress/integration/17_synctickets.js
similarity index 90%
rename from funnel/assets/cypress/integration/13_synctickets.js
rename to funnel/assets/cypress/integration/17_synctickets.js
index de5ddf82a..7b11dc97b 100644
--- a/funnel/assets/cypress/integration/13_synctickets.js
+++ b/funnel/assets/cypress/integration/17_synctickets.js
@@ -1,20 +1,20 @@
 describe('Sync tickets from Boxoffice', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const concierge = require('../fixtures/user.json').concierge;
   const user = require('../fixtures/user.json').user;
   const project = require('../fixtures/project.json');
   const events = require('../fixtures/events.json');
   const { ticket_client } = require('../fixtures/boxoffice.js');
 
   it('Sync tickets from Boxoffice', function() {
-    cy.login('/testcypressproject', admin.username, admin.password);
+    cy.login('/', concierge.username, concierge.password);
 
-    cy.get('[data-cy-project="' + project.title + '"]')
+    cy.get('[data-cy-title="' + project.title + '"]')
       .first()
       .click();
     cy.location('pathname').should('contain', project.url);
     cy.get('a[data-cy-navbar="settings"]').click();
     cy.location('pathname').should('contain', 'settings');
-    cy.get('a[data-cy="checkin"').click();
+    cy.get('a[data-cy="setup-events"').click();
     cy.location('pathname').should('contain', '/admin');
 
     cy.get('a[data-cy="new-ticket-client"').click();
diff --git a/funnel/assets/cypress/integration/14_checkin.js b/funnel/assets/cypress/integration/18_checkin.js
similarity index 90%
rename from funnel/assets/cypress/integration/14_checkin.js
rename to funnel/assets/cypress/integration/18_checkin.js
index 0dd7417ca..21e21dedb 100644
--- a/funnel/assets/cypress/integration/14_checkin.js
+++ b/funnel/assets/cypress/integration/18_checkin.js
@@ -1,12 +1,13 @@
 describe('Checkin of attendees', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const concierge = require('../fixtures/user.json').concierge;
   const user = require('../fixtures/user.json').user;
+  const profile = require('../fixtures/profile.json');
   const project = require('../fixtures/project.json');
   const events = require('../fixtures/events.json');
   const participants = require('../fixtures/participants.json');
 
   it('Checkin of attendees', function() {
-    cy.login('/testcypressproject', admin.username, admin.password);
+    cy.login('/', concierge.username, concierge.password);
 
     cy.get('[data-cy-project="' + project.title + '"]')
       .first()
@@ -14,7 +15,7 @@ describe('Checkin of attendees', function() {
     cy.location('pathname').should('contain', project.url);
     cy.get('a[data-cy-navbar="settings"]').click();
     cy.location('pathname').should('contain', 'settings');
-    cy.get('a[data-cy="checkin"').click();
+    cy.get('a[data-cy="setup-events"').click();
     cy.location('pathname').should('contain', '/admin');
 
     cy.fixture('participants').then(participants => {
diff --git a/funnel/assets/cypress/integration/19_verifyUsherRoles.js b/funnel/assets/cypress/integration/19_verifyUsherRoles.js
new file mode 100644
index 000000000..7374e021d
--- /dev/null
+++ b/funnel/assets/cypress/integration/19_verifyUsherRoles.js
@@ -0,0 +1,26 @@
+describe('Verify roles of usher', function() {
+  const usher = require('../fixtures/user.json').usher;
+  const project = require('../fixtures/project.json');
+
+  it('Access available for usher in project settings', function() {
+    cy.login('/', usher.username, usher.password);
+
+    cy.get('[data-cy-project="' + project.title + '"]')
+      .first()
+      .click();
+    cy.location('pathname').should('contain', project.url);
+    cy.get('a[data-cy-navbar="settings"]').click();
+    cy.location('pathname').should('contain', 'settings');
+    cy.get('a[data-cy="edit"]').should('not.exist');
+    cy.get('a[data-cy="add-livestream"]').should('not.exist');
+    cy.get('a[data-cy="manage-venues"]').should('not.exist');
+    cy.get('a[data-cy="add-cfp"]').should('not.exist');
+    cy.get('a[data-cy="edit-schedule"]').should('not.exist');
+    cy.get('a[data-cy="manage-labels"]').should('not.exist');
+    cy.get('a[data-cy="setup-events"]').should('not.exist');
+    cy.get('a[data-cy="scan-checkin"]').should('exist');
+    cy.get('a[data-cy="download-csv"]').should('exist');
+    cy.get('a[data-cy="download-json"]').should('exist');
+    cy.get('a[data-cy="download-schedule-json"]').should('exist');
+  });
+});
diff --git a/funnel/assets/cypress/integration/15_badge.js b/funnel/assets/cypress/integration/20_badge.js
similarity index 84%
rename from funnel/assets/cypress/integration/15_badge.js
rename to funnel/assets/cypress/integration/20_badge.js
index fa03bda40..4fdcb089e 100644
--- a/funnel/assets/cypress/integration/15_badge.js
+++ b/funnel/assets/cypress/integration/20_badge.js
@@ -1,5 +1,6 @@
 describe('View participant badge', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const usher = require('../fixtures/user.json').usher;
+  const profile = require('../fixtures/profile.json');
   const project = require('../fixtures/project.json');
   const events = require('../fixtures/events.json');
   const participants = require('../fixtures/participants.json');
@@ -9,7 +10,7 @@ describe('View participant badge', function() {
     cy.route('POST', '**/participants/checkin?*').as('checkin');
     cy.route('**/participants/json').as('participant-list');
 
-    cy.login('/testcypressproject', admin.username, admin.password);
+    cy.login('/', usher.username, usher.password);
 
     cy.get('[data-cy-project="' + project.title + '"]')
       .first()
@@ -17,7 +18,7 @@ describe('View participant badge', function() {
     cy.location('pathname').should('contain', project.url);
     cy.get('a[data-cy-navbar="settings"]').click();
     cy.location('pathname').should('contain', 'settings');
-    cy.get('a[data-cy="checkin"').click();
+    cy.get('a[data-cy="setup-events"').click();
     cy.location('pathname').should('contain', '/admin');
     cy.get('a[data-cy="' + events[1].title + '"]').click();
     var firstname = participants[2].fullname.split(' ')[0];
diff --git a/funnel/assets/cypress/integration/16_printbadge.js b/funnel/assets/cypress/integration/21_printbadge.js
similarity index 88%
rename from funnel/assets/cypress/integration/16_printbadge.js
rename to funnel/assets/cypress/integration/21_printbadge.js
index b42349c25..8c9e2807b 100644
--- a/funnel/assets/cypress/integration/16_printbadge.js
+++ b/funnel/assets/cypress/integration/21_printbadge.js
@@ -1,5 +1,5 @@
 describe('View badges to be printed', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const usher = require('../fixtures/user.json').usher;
   const user = require('../fixtures/user.json').user;
   const project = require('../fixtures/project.json');
   const events = require('../fixtures/events.json');
@@ -10,7 +10,7 @@ describe('View badges to be printed', function() {
     cy.route('POST', '**/participants/checkin?*').as('checkin');
     cy.route('**/participants/json').as('participant-list');
 
-    cy.login('/testcypressproject', admin.username, admin.password);
+    cy.login('/', usher.username, usher.password);
 
     cy.get('[data-cy-project="' + project.title + '"]')
       .first()
@@ -18,7 +18,7 @@ describe('View badges to be printed', function() {
     cy.location('pathname').should('contain', project.url);
     cy.get('a[data-cy-navbar="settings"]').click();
     cy.location('pathname').should('contain', 'settings');
-    cy.get('a[data-cy="checkin"').click();
+    cy.get('a[data-cy="setup-events"').click();
     cy.location('pathname').should('contain', '/admin');
     cy.get('a[data-cy="' + events[0].title + '"]').click();
     var firstname1 = participants[0].fullname.split(' ')[0];
diff --git a/funnel/assets/cypress/integration/17_updatebadgeprintstatus.js b/funnel/assets/cypress/integration/22_updatebadgeprintstatus.js
similarity index 96%
rename from funnel/assets/cypress/integration/17_updatebadgeprintstatus.js
rename to funnel/assets/cypress/integration/22_updatebadgeprintstatus.js
index aa81c9be9..6c17e38ff 100644
--- a/funnel/assets/cypress/integration/17_updatebadgeprintstatus.js
+++ b/funnel/assets/cypress/integration/22_updatebadgeprintstatus.js
@@ -18,7 +18,7 @@ describe('View and update print status of badge', function() {
     cy.get('a[data-cy-navbar="settings"]').click();
     cy.location('pathname').should('contain', 'settings');
 
-    cy.get('a[data-cy="checkin"').click();
+    cy.get('a[data-cy="setup-events"').click();
     cy.location('pathname').should('contain', '/admin');
     cy.get('a[data-cy="' + events[0].title + '"]').click();
     cy.get('select#badge_printed').select('Printed', { force: true });
diff --git a/funnel/assets/cypress/integration/18_verifyattendeeList.js b/funnel/assets/cypress/integration/22_verifyattendeeList.js
similarity index 81%
rename from funnel/assets/cypress/integration/18_verifyattendeeList.js
rename to funnel/assets/cypress/integration/22_verifyattendeeList.js
index 30bf07b51..97a95810e 100644
--- a/funnel/assets/cypress/integration/18_verifyattendeeList.js
+++ b/funnel/assets/cypress/integration/22_verifyattendeeList.js
@@ -1,10 +1,10 @@
 describe('Verify attendee list', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const concierge = require('../fixtures/user.json').concierge;
   const user = require('../fixtures/user.json').user;
   const project = require('../fixtures/project.json');
 
   it('Verify list of attendees who have responded yes to attending a project', function() {
-    cy.login('/testcypressproject', admin.username, admin.password);
+    cy.login('/testcypressproject', concierge.username, concierge.password);
 
     cy.get('[data-cy-project="' + project.title + '"]')
       .first()
diff --git a/funnel/assets/cypress/integration/20_viewSchedule.js b/funnel/assets/cypress/integration/23_viewSchedule.js
similarity index 100%
rename from funnel/assets/cypress/integration/20_viewSchedule.js
rename to funnel/assets/cypress/integration/23_viewSchedule.js
diff --git a/funnel/assets/cypress/integration/21_addSessionVideo.js b/funnel/assets/cypress/integration/24_addSessionVideo.js
similarity index 100%
rename from funnel/assets/cypress/integration/21_addSessionVideo.js
rename to funnel/assets/cypress/integration/24_addSessionVideo.js
diff --git a/funnel/assets/cypress/integration/22_viewVideos.js b/funnel/assets/cypress/integration/25_viewVideos.js
similarity index 100%
rename from funnel/assets/cypress/integration/22_viewVideos.js
rename to funnel/assets/cypress/integration/25_viewVideos.js
diff --git a/funnel/assets/cypress/integration/23_removeSessionVideo.js b/funnel/assets/cypress/integration/26_removeSessionVideo.js
similarity index 90%
rename from funnel/assets/cypress/integration/23_removeSessionVideo.js
rename to funnel/assets/cypress/integration/26_removeSessionVideo.js
index 416edc8c9..10b68bef2 100644
--- a/funnel/assets/cypress/integration/23_removeSessionVideo.js
+++ b/funnel/assets/cypress/integration/26_removeSessionVideo.js
@@ -1,5 +1,5 @@
 describe('Remove video to session', function() {
-  const admin = require('../fixtures/user.json').admin;
+  const editor = require('../fixtures/user.json').editor;
   const project = require('../fixtures/project.json');
   const proposal = require('../fixtures/proposal.json');
 
@@ -7,7 +7,7 @@ describe('Remove video to session', function() {
     cy.server();
     cy.route('**/viewsession-popup').as('view-session');
 
-    cy.login('/', admin.username, admin.password);
+    cy.login('/', editor.username, editor.password);
 
     cy.get('.upcoming')
       .find('.card--upcoming')
diff --git a/funnel/assets/cypress/integration/27_viewCrew.js b/funnel/assets/cypress/integration/27_viewCrew.js
new file mode 100644
index 000000000..b8f45efb7
--- /dev/null
+++ b/funnel/assets/cypress/integration/27_viewCrew.js
@@ -0,0 +1,36 @@
+describe('View crew', function() {
+  const admin = require('../fixtures/user.json').admin;
+  const concierge = require('../fixtures/user.json').concierge;
+  const usher = require('../fixtures/user.json').usher;
+  const project = require('../fixtures/project.json');
+
+  it('View crew of the project', function() {
+    cy.visit('/');
+    cy.get('.upcoming')
+      .find('.card--upcoming')
+      .contains(project.title)
+      .click({ force: true });
+    cy.location('pathname').should('contain', project.url);
+    cy.get('a[data-cy-navbar="crew"]').click();
+    cy.get('button[data-cy-btn="add-member"]').should('not.exist');
+    cy.get('[data-cy="member"]')
+      .contains(admin.username)
+      .parents('.user-box')
+      .find('[data-cy="role"]')
+      .contains('Editor');
+    cy.get('[data-cy="member"]')
+      .contains(concierge.username)
+      .parents('.user-box')
+      .find('[data-cy="role"]')
+      .contains('Concierge');
+    cy.get('[data-cy="member"]')
+      .contains(usher.username)
+      .parents('.user-box')
+      .find('[data-cy="role"]')
+      .contains('Usher');
+    cy.get('[data-cy="member"]')
+      .contains(admin.username)
+      .click();
+    cy.get('#member-form', { timeout: 10000 }).should('not.be.visible');
+  });
+});
diff --git a/funnel/assets/cypress/integration/19_search.js b/funnel/assets/cypress/integration/28_search.js
similarity index 100%
rename from funnel/assets/cypress/integration/19_search.js
rename to funnel/assets/cypress/integration/28_search.js
diff --git a/funnel/assets/cypress/support/commands.js b/funnel/assets/cypress/support/commands.js
index d8393ce93..e3ff32793 100644
--- a/funnel/assets/cypress/support/commands.js
+++ b/funnel/assets/cypress/support/commands.js
@@ -25,19 +25,6 @@ Cypress.Commands.add('login', (route, username, password) => {
   cy.wait('@login', { timeout: 20000 });
 });
 
-Cypress.Commands.add('relogin', route => {
-  cy.visit(route)
-    .get('#hgnav')
-    .then($header => {
-      if ($header.find('.header__button').length > 0) {
-        cy.get('#hgnav')
-          .find('.header__button')
-          .click();
-        cy.location('pathname').should('include', route);
-      }
-    });
-});
-
 Cypress.Commands.add('logout', () => {
   cy.get('a[data-cy="account-link"]').click();
   cy.get('a[data-cy="my-account"]').click();
@@ -48,6 +35,37 @@ Cypress.Commands.add('logout', () => {
   cy.clearCookies();
 });
 
+Cypress.Commands.add('add_member', (username, role) => {
+  cy.server();
+  cy.route('**/membership/new').as('member-form');
+  cy.route('POST', '**/membership/new').as('add-member');
+
+  cy.get('button[data-cy-btn="add-member"]').click();
+  cy.wait('@member-form');
+  cy.get('.select2-selection__arrow').click({ multiple: true });
+  cy.get('.select2-search__field').type(username, {
+    force: true,
+  });
+  cy.get('.select2-results__option--highlighted', { timeout: 20000 }).should(
+    'be.visible'
+  );
+  cy.get('.select2-results__option')
+    .contains(username)
+    .click();
+  cy.get('.select2-results__options', { timeout: 10000 }).should('not.visible');
+  cy.get(`#is_${role}`).click();
+  cy.get('button')
+    .contains('Add member')
+    .click();
+  cy.wait('@add-member');
+  var roleString = role[0].toUpperCase() + role.slice(1);
+  cy.get('[data-cy="member"]')
+    .contains(username)
+    .parents('.user-box')
+    .find('[data-cy="role"]')
+    .contains(roleString);
+});
+
 Cypress.Commands.add('checkin', participant => {
   cy.server();
   cy.route('POST', '**/participants/checkin').as('checkin');
diff --git a/funnel/assets/js/event.js b/funnel/assets/js/event.js
index 19403d68e..a6047436e 100644
--- a/funnel/assets/js/event.js
+++ b/funnel/assets/js/event.js
@@ -87,7 +87,7 @@ const Queue = function(queueName) {
 };
 
 const ParticipantTable = {
-  init({ isAdmin, isConcierge, checkinUrl, participantlistUrl, eventName }) {
+  init({ isConcierge, isUsher, checkinUrl, participantlistUrl, eventName }) {
     Ractive.DEBUG = false;
 
     const count = new Ractive({
@@ -107,8 +107,8 @@ const ParticipantTable = {
         checkinUrl,
         checkinQ: new Queue(`${eventName}-checkin-queue`),
         cancelcheckinQ: new Queue(`${eventName}-cancelcheckin-queue`),
-        isAdmin,
         isConcierge,
+        isUsher,
         svgIconUrl: window.HasGeek.config.svgIconUrl,
         getCsrfToken() {
           return $('meta[name="csrf-token"]').attr('content');
diff --git a/funnel/assets/js/membership.js b/funnel/assets/js/membership.js
new file mode 100644
index 000000000..8f0ed564d
--- /dev/null
+++ b/funnel/assets/js/membership.js
@@ -0,0 +1,161 @@
+import Vue from 'vue/dist/vue.min';
+import VS2 from 'vue-script2';
+import { Utils } from './util';
+
+const Membership = {
+  init({
+    newMemberUrl,
+    members = '',
+    roles = [],
+    divElem,
+    memberTemplate,
+    isUserProfileAdmin,
+  }) {
+    Vue.use(VS2);
+
+    const memberUI = Vue.component('member', {
+      template: memberTemplate,
+      props: ['member'],
+      methods: {
+        rolesCount(member) {
+          let count = 0;
+          if (member.is_editor) count += 1;
+          if (member.is_concierge) count += 1;
+          if (member.is_usher) count += 1;
+          return count - 1;
+        },
+      },
+    });
+
+    /* eslint-disable no-new */
+    new Vue({
+      el: divElem,
+      components: {
+        memberUI,
+      },
+      data() {
+        return {
+          newMemberUrl,
+          members: members.length > 0 ? members : '',
+          isUserProfileAdmin,
+          roles: roles,
+          memberForm: '',
+          activeMember: '',
+          errorMsg: '',
+          view: 'name',
+          search: '',
+          showInfo: false,
+          svgIconUrl: window.HasGeek.config.svgIconUrl,
+          isMobile: false,
+        };
+      },
+      methods: {
+        fetchForm(event, url, member = '') {
+          event.preventDefault();
+          if (this.isUserProfileAdmin) {
+            this.activeMember = member;
+            const app = this;
+            $.ajax({
+              type: 'GET',
+              url,
+              timeout: window.HasGeek.config.ajaxTimeout,
+              dataType: 'json',
+              success(data) {
+                const vueFormHtml = data.form;
+                app.memberForm = vueFormHtml.replace(/\bscript\b/g, 'script2');
+                $('#member-form').modal('show');
+              },
+            });
+          }
+        },
+        activateForm() {
+          const formId = Utils.getElementId(this.memberForm);
+          const url = Utils.getActionUrl(formId);
+          const onSuccess = responseData => {
+            this.closeForm();
+            if (responseData.memberships) {
+              this.updateMembersList(responseData.memberships);
+              this.onChange();
+            }
+          };
+          const onError = response => {
+            this.errorMsg = Utils.formErrorHandler(formId, response);
+          };
+          window.Baseframe.Forms.handleFormSubmit(
+            formId,
+            url,
+            onSuccess,
+            onError,
+            {}
+          );
+        },
+        updateMembersList(membersList) {
+          this.members = membersList.length > 0 ? membersList : '';
+        },
+        filter(event, action) {
+          event.preventDefault();
+          this.view = action;
+        },
+        closeForm(event = '') {
+          if (event) event.preventDefault();
+          $.modal.close();
+          this.errorMsg = '';
+        },
+        onChange() {
+          if (this.search) {
+            this.members.filter(member => {
+              member.hide =
+                member.user.fullname
+                  .toLowerCase()
+                  .indexOf(this.search.toLowerCase()) === -1;
+              return true;
+            });
+          }
+        },
+        collapse(event, role) {
+          event.preventDefault();
+          role.showMembers = !role.showMembers;
+        },
+        showRoleDetails(event) {
+          event.preventDefault();
+          this.showInfo = !this.showInfo;
+        },
+        onWindowResize() {
+          this.isMobile =
+            $(window).width() < window.HasGeek.config.mobileBreakpoint;
+        },
+      },
+      computed: {
+        Form() {
+          const template = this.memberForm ? this.memberForm : '<div></div>';
+          const isFormTemplate = this.memberForm ? true : '';
+          return {
+            template,
+            mounted() {
+              if (isFormTemplate) {
+                this.$parent.activateForm();
+              }
+            },
+          };
+        },
+        deleteURL() {
+          return this.activeMember.urls.delete;
+        },
+      },
+      mounted() {
+        $('#member-form').on($.modal.CLOSE, () => {
+          this.closeForm();
+        });
+      },
+      created() {
+        window.addEventListener('resize', this.onWindowResize);
+      },
+    });
+  },
+};
+
+$(() => {
+  window.HasGeek.Membership = function(config) {
+    Membership.init(config);
+  };
+});
diff --git a/funnel/assets/js/util.js b/funnel/assets/js/util.js
index 63b184e5a..d8f14dff1 100644
--- a/funnel/assets/js/util.js
+++ b/funnel/assets/js/util.js
@@ -173,6 +173,40 @@ export const Utils = {
       }
     });
   },
+  getElementId(htmlString) {
+    return htmlString.match(/id="(.*?)"/)[1];
+  },
+  formErrorHandler(formId, errorResponse) {
+    let errorMsg = '';
+    // xhr readyState '4' indicates server has received the request & response is ready
+    if (errorResponse.readyState === 4) {
+      if (errorResponse.status === 500) {
+        errorMsg = 'Internal Server Error';
+      } else {
+        if (errorResponse.responseJSON.errors) {
+          window.Baseframe.Forms.showValidationErrors(
+            formId,
+            errorResponse.responseJSON.errors
+          );
+        }
+        errorMsg = errorResponse.responseJSON.message
+          ? errorResponse.responseJSON.message
+          : 'Error';
+      }
+    } else {
+      errorMsg = 'Unable to connect. Please try again.';
+    }
+    $(`#${formId}`)
+      .find('button[type="submit"]')
+      .prop('disabled', false);
+    $(`#${formId}`)
+      .find('.loading')
+      .addClass('mui--hide');
+    return errorMsg;
+  },
+  getActionUrl(formId) {
+    return $(`#${formId}`).attr('action');
+  },
 };
 
 export const ScrollActiveMenu = {
diff --git a/funnel/assets/package-lock.json b/funnel/assets/package-lock.json
index 189a29623..c85799728 100644
--- a/funnel/assets/package-lock.json
+++ b/funnel/assets/package-lock.json
@@ -8347,6 +8347,29 @@
         "get-value": "^2.0.6",
         "is-extendable": "^0.1.1",
         "set-value": "^2.0.1"
+      },
+      "dependencies": {
+        "extend-shallow": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
+          "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
+          "dev": true,
+          "requires": {
+            "is-extendable": "^0.1.0"
+          }
+        },
+        "set-value": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz",
+          "integrity": "sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==",
+          "dev": true,
+          "requires": {
+            "extend-shallow": "^2.0.1",
+            "is-extendable": "^0.1.1",
+            "is-plain-object": "^2.0.3",
+            "split-string": "^3.0.1"
+          }
+        }
       }
     },
     "unique-filename": {
@@ -8541,6 +8564,11 @@
       "resolved": "https://registry.npmjs.org/vue/-/vue-2.6.10.tgz",
       "integrity": "sha512-ImThpeNU9HbdZL3utgMCq0oiMzAkt1mcgy3/E6zWC/G6AaQoeuFdsl9nDhTDU3X1R6FK7nsIUuRACVcjI+A2GQ=="
     },
+    "vue-script2": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/vue-script2/-/vue-script2-2.1.0.tgz",
+      "integrity": "sha512-EDUOjQBFvhkJXwmWuUR9ijlF7/4JtmvjXSKaHSa/LNTMy9ltjgKgYB68aqlxgq8ORdSxowd5eo24P1syjZJnBA=="
+    },
     "watchpack": {
       "version": "1.6.1",
       "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-1.6.1.tgz",
diff --git a/funnel/assets/package.json b/funnel/assets/package.json
index 88a5374bf..7a5c766ef 100644
--- a/funnel/assets/package.json
+++ b/funnel/assets/package.json
@@ -38,6 +38,7 @@
     "leaflet": "^1.4.0",
     "ractive": "^0.7.3",
     "vcards-js": "^2.10.0",
-    "vue": "^2.6.10"
+    "vue": "^2.6.10",
+    "vue-script2": "^2.1.0"
   }
 }
diff --git a/funnel/assets/service-worker-template.js b/funnel/assets/service-worker-template.js
index 9f198c99d..f4496dcd0 100644
--- a/funnel/assets/service-worker-template.js
+++ b/funnel/assets/service-worker-template.js
@@ -3,50 +3,82 @@ workbox.core.clientsClaim();
 
 workbox.precaching.precacheAndRoute(self.__precacheManifest);
 
-workbox.routing.registerRoute(new RegExp('/^https?\:\/\/static.*/'), new workbox.strategies.NetworkFirst({
-  "cacheName": "assets"
-}), 'GET');
+workbox.routing.registerRoute(
+  new RegExp('/^https?://static.*/'),
+  new workbox.strategies.NetworkFirst({
+    cacheName: 'assets',
+  }),
+  'GET'
+);
 
-workbox.routing.registerRoute(new RegExp('/^https?:\/\/hasgeek.com\/*/'), new workbox.strategies.NetworkFirst({
-  "cacheName": "assets"
-}), 'GET');
+workbox.routing.registerRoute(
+  new RegExp('/^https?://hasgeek.com/*/'),
+  new workbox.strategies.NetworkFirst({
+    cacheName: 'assets',
+  }),
+  'GET'
+);
 
 //For development setup caching of assets
-workbox.routing.registerRoute(new RegExp('/^http:\/\/localhost:3000\/static/'), new workbox.strategies.NetworkFirst({
-  "cacheName": "baseframe-local"
-}), 'GET');
+workbox.routing.registerRoute(
+  new RegExp('/^http://localhost:3000/static/'),
+  new workbox.strategies.NetworkFirst({
+    cacheName: 'baseframe-local',
+  }),
+  'GET'
+);
 
-workbox.routing.registerRoute(new RegExp('/^https?:\/\/images\.hasgeek\.com\/embed\/file\/*/'), new workbox.strategies.NetworkFirst({
-  "cacheName": "images"
-}), 'GET');
+workbox.routing.registerRoute(
+  new RegExp('/^https?://images.hasgeek.com/embed/file/*/'),
+  new workbox.strategies.NetworkFirst({
+    cacheName: 'images',
+  }),
+  'GET'
+);
 
-workbox.routing.registerRoute(new RegExp('/^https?:\/\/fonts.googleapis.com\/*/'), new workbox.strategies.NetworkFirst({
-  "cacheName": "fonts"
-}), 'GET');
+workbox.routing.registerRoute(
+  new RegExp('/^https?://fonts.googleapis.com/*/'),
+  new workbox.strategies.NetworkFirst({
+    cacheName: 'fonts',
+  }),
+  'GET'
+);
 
-workbox.routing.registerRoute(new RegExp('/^https?\:\/\/ajax.googleapis.com\/*/'), new workbox.strategies.NetworkFirst({
-  "cacheName": "cdn-libraries"
-}), 'GET');
+workbox.routing.registerRoute(
+  new RegExp('/^https?://ajax.googleapis.com/*/'),
+  new workbox.strategies.NetworkFirst({
+    cacheName: 'cdn-libraries',
+  }),
+  'GET'
+);
 
-workbox.routing.registerRoute(new RegExp('/(.*)'), new workbox.strategies.NetworkFirst({
-  "cacheName": "routes"
-}), 'GET');
+workbox.routing.registerRoute(
+  new RegExp('/(.*)'),
+  new workbox.strategies.NetworkFirst({
+    cacheName: 'routes',
+  }),
+  'GET'
+);
 
-self.addEventListener('install', (event) => {
-  event.waitUntil(caches.open('offline').then((cache) => cache.addAll(['/api/1/template/offline'])));
+self.addEventListener('install', event => {
+  event.waitUntil(
+    caches
+      .open('offline')
+      .then(cache => cache.addAll(['/api/1/template/offline']))
+  );
 });
 
-addEventListener('message', (event) => {
+addEventListener('message', event => {
   if (event.data && event.data.type === 'SKIP_WAITING') {
     skipWaiting();
   }
 });
 
-workbox.routing.setCatchHandler(({event}) => {
+workbox.routing.setCatchHandler(({ event }) => {
   switch (event.request.destination) {
     case 'document':
       return caches.match('offline');
-    break;
+      break;
 
     default:
       return Response.error();
diff --git a/funnel/assets/webpack.config.js b/funnel/assets/webpack.config.js
index cee91ee5d..47a8ee5b2 100644
--- a/funnel/assets/webpack.config.js
+++ b/funnel/assets/webpack.config.js
@@ -60,6 +60,7 @@ module.exports = {
     scan_contact: path.resolve(__dirname, 'js/scan_contact.js'),
     contact: path.resolve(__dirname, 'js/contact.js'),
     search: path.resolve(__dirname, 'js/search.js'),
+    membership: path.resolve(__dirname, 'js/membership.js'),
     session_videos: path.resolve(__dirname, 'js/session_videos.js'),
   },
   output: {
diff --git a/funnel/forms/__init__.py b/funnel/forms/__init__.py
index 44d468726..1eb4d29d0 100644
--- a/funnel/forms/__init__.py
+++ b/funnel/forms/__init__.py
@@ -6,6 +6,7 @@
 from .comment import *
 from .label import *
 from .login import *
+from .membership import *
 from .organization import *
 from .participant import *
 from .profile import *
diff --git a/funnel/forms/account.py b/funnel/forms/account.py
index f6238c7b0..4ffeb0ea9 100644
--- a/funnel/forms/account.py
+++ b/funnel/forms/account.py
@@ -111,7 +111,7 @@ class AccountForm(forms.Form):
     email = forms.EmailField(
         __("Email address"),
         description=__("Required for sending you tickets, invoices and notifications"),
-        validators=[forms.validators.DataRequired(), forms.ValidEmail()],
+        validators=[forms.validators.DataRequired(), forms.validators.ValidEmail()],
         widget_attrs={'autocorrect': 'none', 'autocapitalize': 'none'},
     )
     username = forms.AnnotatedTextField(
@@ -166,7 +166,7 @@ def validate_email(self, field):
 class NewEmailAddressForm(forms.RecaptchaForm):
     email = forms.EmailField(
         __("Email address"),
-        validators=[forms.validators.DataRequired(), forms.ValidEmail()],
+        validators=[forms.validators.DataRequired(), forms.validators.ValidEmail()],
         widget_attrs={'autocorrect': 'none', 'autocapitalize': 'none'},
     )
     type = forms.RadioField(  # NOQA: A003
@@ -201,7 +201,7 @@ def validate_email(self, field):
 class EmailPrimaryForm(forms.Form):
     email = forms.EmailField(
         __("Email address"),
-        validators=[forms.validators.DataRequired(), forms.ValidEmail()],
+        validators=[forms.validators.DataRequired(), forms.validators.ValidEmail()],
         widget_attrs={'autocorrect': 'none', 'autocapitalize': 'none'},
     )
 
diff --git a/funnel/forms/auth_client.py b/funnel/forms/auth_client.py
index 3313646c5..3886df783 100644
--- a/funnel/forms/auth_client.py
+++ b/funnel/forms/auth_client.py
@@ -123,7 +123,7 @@ def validate_client_owner(self, field):
         else:
             orgs = [
                 org
-                for org in self.edit_user.organizations_owned()
+                for org in self.edit_user.organizations_as_owner
                 if org.buid == field.data
             ]
             if len(orgs) != 1:
diff --git a/funnel/forms/membership.py b/funnel/forms/membership.py
new file mode 100644
index 000000000..29bd1149e
--- /dev/null
+++ b/funnel/forms/membership.py
@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+
+from baseframe import _, __
+from coaster.utils import getbool
+import baseframe.forms as forms
+
+
+class OrganizationMembershipForm(forms.Form):
+    # add a member to a project
+    user = forms.UserSelectField(
+        __("User"),
+        validators=[forms.validators.DataRequired(_(u"Please select a user"))],
+        description=__("Find a user by their name or email address"),
+    )
+    is_owner = forms.RadioField(
+        __("Access level"),
+        coerce=getbool,
+        default=False,
+        choices=[
+            (
+                False,
+                __("Admin (can manage projects, but can't add or remove other admins)"),
+            ),
+            (True, __("Owner (can also manage other owners and admins)")),
+        ],
+    )
+
+
+class ProjectCrewMembershipForm(forms.Form):
+    # add a member to a project
+    user = forms.UserSelectField(
+        __("User"),
+        validators=[forms.validators.DataRequired(_(u"Please select a user"))],
+        description=__("Find a user by their name or email address"),
+    )
+    is_editor = forms.BooleanField(__("Editor"), default=False)
+    is_concierge = forms.BooleanField(__("Concierge"), default=False)
+    is_usher = forms.BooleanField(__("Usher"), default=False)
+
+    def validate(self, extra_validators=None):
+        is_valid = super(ProjectCrewMembershipForm, self).validate(extra_validators)
+        if not any([self.is_editor.data, self.is_concierge.data, self.is_usher.data]):
+            self.is_usher.errors.append("Please select one or more roles")
+            is_valid = False
+        return is_valid
+
+
+class ProjectCrewMembershipInviteForm(forms.Form):
+    action = forms.SelectField(
+        __("Choice"),
+        choices=[('accept', __("Accept")), ('decline', __("Decline"))],
+        validators=[forms.validators.DataRequired(_(u"Please make a choice"))],
+    )
diff --git a/funnel/forms/organization.py b/funnel/forms/organization.py
index 9be9853cc..4366ff76f 100644
--- a/funnel/forms/organization.py
+++ b/funnel/forms/organization.py
@@ -39,10 +39,11 @@ class OrganizationForm(forms.Form):
     is_public_profile = forms.BooleanField(__("Make profile page public"))
 
     def validate_name(self, field):
-        if self.edit_obj:
-            reason = self.edit_obj.validate_name_candidate(field.data)
-        else:
-            reason = Profile.validate_name_candidate(field.data)
+        if field.data and field.data == self.edit_obj.name:
+            # Don't validate if name is unchanged
+            return
+
+        reason = Profile.validate_name_candidate(field.data)
         if not reason:
             return  # name is available
         if reason == 'invalid':
diff --git a/funnel/forms/profile.py b/funnel/forms/profile.py
index 8928e53ff..3435fc51e 100644
--- a/funnel/forms/profile.py
+++ b/funnel/forms/profile.py
@@ -3,18 +3,12 @@
 from baseframe import _, __
 import baseframe.forms as forms
 
+from .organization import OrganizationForm
 
-class NewProfileForm(forms.Form):
-    """Create a new profile."""
-
-    profile = forms.RadioField(
-        __("Organization"),
-        validators=[forms.validators.DataRequired("Select an organization")],
-        description=__("Select the organization you’d like to create a Talkfunnel for"),
-    )
+__all__ = ['ProfileForm']
 
 
-class EditProfileForm(forms.Form):
+class ProfileForm(OrganizationForm):
     """Edit a profile."""
 
     description = forms.MarkdownField(
diff --git a/funnel/forms/project.py b/funnel/forms/project.py
index ad8fa6f74..51fe219e0 100644
--- a/funnel/forms/project.py
+++ b/funnel/forms/project.py
@@ -123,30 +123,6 @@ class ProjectForm(forms.Form):
     parent_project = QuerySelectField(
         __("Parent project"), get_label='title', allow_blank=True, blank_text=__("None")
     )
-
-    admin_team = QuerySelectField(
-        "Admin team",
-        validators=[forms.validators.DataRequired(__("Please select a team"))],
-        get_label='title',
-        allow_blank=False,
-        description=__("The administrators of this project"),
-    )
-    review_team = QuerySelectField(
-        "Review team",
-        validators=[forms.validators.DataRequired(__("Please select a team"))],
-        get_label='title',
-        allow_blank=False,
-        description=__(
-            "Reviewers can see contact details of proposers, but can’t change settings"
-        ),
-    )
-    checkin_team = QuerySelectField(
-        "Checkin team",
-        validators=[forms.validators.DataRequired(__("Please select a team"))],
-        get_label='title',
-        allow_blank=False,
-        description=__("Team members can check in users at an event"),
-    )
     allow_rsvp = forms.BooleanField(__("Allow site visitors to RSVP (login required)"))
     buy_tickets_url = forms.URLField(
         __("URL to buy tickets"),
@@ -160,10 +136,6 @@ class ProjectForm(forms.Form):
     )
 
     def set_queries(self):
-        profile_teams = self.edit_parent.teams
-        self.admin_team.query = profile_teams
-        self.review_team.query = profile_teams
-        self.checkin_team.query = profile_teams
         if self.edit_obj is None:
             self.parent_project.query = self.edit_parent.projects
         else:
diff --git a/funnel/forms/proposal.py b/funnel/forms/proposal.py
index f24246f24..c7778dd6e 100644
--- a/funnel/forms/proposal.py
+++ b/funnel/forms/proposal.py
@@ -5,8 +5,6 @@
 from coaster.auth import current_auth
 import baseframe.forms as forms
 
-from ..models import Profile, Project
-
 __all__ = [
     'ProposalForm',
     'ProposalLabelsAdminForm',
@@ -243,12 +241,4 @@ class ProposalMoveForm(forms.Form):
     )
 
     def set_queries(self):
-        team_ids = [t.id for t in current_auth.user.teams]
-        self.target.query = (
-            Project.query.join(Project.profile)
-            .filter(
-                (Project.admin_team_id.in_(team_ids))
-                | (Profile.admin_team_id.in_(team_ids))
-            )
-            .order_by(Project.schedule_start_at.desc())
-        )
+        self.target.query = current_auth.user.projects_as_editor
diff --git a/funnel/jobs/jobs.py b/funnel/jobs/jobs.py
index c353af746..2e7812e60 100644
--- a/funnel/jobs/jobs.py
+++ b/funnel/jobs/jobs.py
@@ -9,6 +9,13 @@
 from ..extapi.boxoffice import Boxoffice
 from ..extapi.explara import ExplaraAPI
 from ..models import Project, ProjectLocation, TicketClient, db
+from ..views.helpers import send_mail
+
+
+@rq.job('funnel')
+def send_mail_async(sender, to, body, subject):
+    with app.app_context():
+        send_mail(sender, to, body, subject)
 
 
 @rq.job('funnel')
diff --git a/funnel/models/__init__.py b/funnel/models/__init__.py
index d0a382917..b2b95eb11 100644
--- a/funnel/models/__init__.py
+++ b/funnel/models/__init__.py
@@ -45,3 +45,7 @@
 from .saved import *  # isort:skip
 from .session import *  # isort:skip
 from .venue import *  # isort:skip
+from .membership import *  # isort:skip
+from .organization_membership import *  # isort:skip
+from .project_membership import *  # isort:skip
+from .proposal_membership import *  # isort:skip
diff --git a/funnel/models/auth_client.py b/funnel/models/auth_client.py
index e68761ed5..e9cafe431 100644
--- a/funnel/models/auth_client.py
+++ b/funnel/models/auth_client.py
@@ -158,7 +158,7 @@ def owner_is(self, user):
         if not user:
             return False
         return self.user == user or (
-            self.organization and self.organization in user.organizations_owned()
+            self.organization and self.organization in user.organizations_as_owner
         )
 
     def permissions(self, user, inherited=None):
@@ -208,7 +208,7 @@ def all_for(cls, user):
             return cls.query.filter(
                 db.or_(
                     cls.user == user,
-                    cls.organization_id.in_(user.organizations_owned_ids()),
+                    cls.organization_id.in_(user.organizations_as_owner_ids()),
                 )
             ).order_by(cls.title)
 
@@ -239,7 +239,7 @@ class AuthClientCredential(BaseMixin, db.Model):
         primaryjoin=auth_client_id == AuthClient.id,
         backref=db.backref(
             'credentials',
-            cascade='all, delete-orphan',
+            cascade='all',
             collection_class=attribute_mapped_collection('name'),
         ),
     )
@@ -288,7 +288,7 @@ class AuthCode(ScopeMixin, BaseMixin, db.Model):
     auth_client = db.relationship(
         AuthClient,
         primaryjoin=auth_client_id == AuthClient.id,
-        backref=db.backref('authcodes', cascade='all, delete-orphan'),
+        backref=db.backref('authcodes', cascade='all'),
     )
     user_session_id = db.Column(None, db.ForeignKey('user_session.id'), nullable=True)
     user_session = db.relationship(UserSession)
@@ -319,7 +319,7 @@ class AuthToken(ScopeMixin, BaseMixin, db.Model):
     _user = db.relationship(
         User,
         primaryjoin=user_id == User.id,
-        backref=db.backref('authtokens', lazy='dynamic', cascade='all, delete-orphan'),
+        backref=db.backref('authtokens', lazy='dynamic', cascade='all'),
     )
     #: The session in which this token was issued, null for confidential clients
     user_session_id = db.Column(None, db.ForeignKey('user_session.id'), nullable=True)
@@ -333,7 +333,7 @@ class AuthToken(ScopeMixin, BaseMixin, db.Model):
     auth_client = db.relationship(
         AuthClient,
         primaryjoin=auth_client_id == AuthClient.id,
-        backref=db.backref('authtokens', lazy='dynamic', cascade='all, delete-orphan'),
+        backref=db.backref('authtokens', lazy='dynamic', cascade='all'),
     )
     #: The token
     token = db.Column(db.String(22), default=buid, nullable=False, unique=True)
@@ -466,8 +466,8 @@ def get_for(cls, auth_client, user=None, user_session=None):
                 auth_client=auth_client, user_session=user_session
             ).one_or_none()
 
-    @classmethod  # NOQA: A003
-    def all(cls, users):
+    @classmethod
+    def all(cls, users):  # NOQA: A003
         """
         Return all AuthToken for the specified users.
         """
@@ -501,7 +501,7 @@ class AuthClientUserPermissions(BaseMixin, db.Model):
     user = db.relationship(
         User,
         primaryjoin=user_id == User.id,
-        backref=db.backref('client_permissions', cascade='all, delete-orphan'),
+        backref=db.backref('client_permissions', cascade='all'),
     )
     #: AuthClient app they are assigned on
     auth_client_id = db.Column(
@@ -510,7 +510,7 @@ class AuthClientUserPermissions(BaseMixin, db.Model):
     auth_client = db.relationship(
         AuthClient,
         primaryjoin=auth_client_id == AuthClient.id,
-        backref=db.backref('user_permissions', cascade='all, delete-orphan'),
+        backref=db.backref('user_permissions', cascade='all'),
     )
     #: The permissions as a string of tokens
     access_permissions = db.Column(
@@ -565,7 +565,7 @@ class AuthClientTeamPermissions(BaseMixin, db.Model):
     team = db.relationship(
         Team,
         primaryjoin=team_id == Team.id,
-        backref=db.backref('client_permissions', cascade='all, delete-orphan'),
+        backref=db.backref('client_permissions', cascade='all'),
     )
     #: AuthClient app they are assigned on
     auth_client_id = db.Column(
@@ -574,7 +574,7 @@ class AuthClientTeamPermissions(BaseMixin, db.Model):
     auth_client = db.relationship(
         AuthClient,
         primaryjoin=auth_client_id == AuthClient.id,
-        backref=db.backref('team_permissions', cascade='all, delete-orphan'),
+        backref=db.backref('team_permissions', cascade='all'),
     )
     #: The permissions as a string of tokens
     access_permissions = db.Column(
diff --git a/funnel/models/commentvote.py b/funnel/models/commentvote.py
index 30edb0770..a1a6a93d0 100644
--- a/funnel/models/commentvote.py
+++ b/funnel/models/commentvote.py
@@ -73,13 +73,13 @@ class Vote(BaseMixin, db.Model):
     user = db.relationship(
         User,
         primaryjoin=user_id == User.id,
-        backref=db.backref('votes', lazy='dynamic', cascade="all, delete-orphan"),
+        backref=db.backref('votes', lazy='dynamic', cascade='all'),
     )
     voteset_id = db.Column(None, db.ForeignKey('voteset.id'), nullable=False)
     voteset = db.relationship(
         Voteset,
         primaryjoin=voteset_id == Voteset.id,
-        backref=db.backref('votes', cascade="all, delete-orphan"),
+        backref=db.backref('votes', cascade='all'),
     )
     votedown = db.Column(db.Boolean, default=False, nullable=False)
 
@@ -119,18 +119,18 @@ class Comment(UuidMixin, BaseMixin, db.Model):
     user = db.relationship(
         User,
         primaryjoin=user_id == User.id,
-        backref=db.backref('comments', lazy='dynamic', cascade="all, delete-orphan"),
+        backref=db.backref('comments', lazy='dynamic', cascade='all'),
     )
     commentset_id = db.Column(None, db.ForeignKey('commentset.id'), nullable=False)
     commentset = db.relationship(
         Commentset,
         primaryjoin=commentset_id == Commentset.id,
-        backref=db.backref('comments', cascade="all, delete-orphan"),
+        backref=db.backref('comments', cascade='all'),
     )
 
     parent_id = db.Column(None, db.ForeignKey('comment.id'), nullable=True)
     children = db.relationship(
-        "Comment", backref=db.backref("parent", remote_side="Comment.id")
+        'Comment', backref=db.backref('parent', remote_side='Comment.id')
     )
 
     message = MarkdownColumn('message', nullable=False)
@@ -227,5 +227,13 @@ def permissions(self, user, inherited=None):
                 perms.update(['edit_comment', 'delete_comment'])
         return perms
 
+    def roles_for(self, actor=None, anchors=()):
+        roles = super(Comment, self).roles_for(actor, anchors)
+        roles.add('reader')
+        if actor is not None:
+            if actor == self.user:
+                roles.add('author')
+        return roles
+
 
 add_search_trigger(Comment, 'search_vector')
diff --git a/funnel/models/event.py b/funnel/models/event.py
index e78064978..358efd8ee 100644
--- a/funnel/models/event.py
+++ b/funnel/models/event.py
@@ -3,6 +3,8 @@
 import base64
 import os
 
+from sqlalchemy.ext.associationproxy import association_proxy
+
 from . import BaseMixin, BaseScopedNameMixin, UuidMixin, db, with_roles
 from .project import Project
 from .user import User
@@ -84,15 +86,24 @@ class Event(ScopedNameTitleMixin, db.Model):
     __tablename__ = 'event'
 
     project_id = db.Column(None, db.ForeignKey('project.id'), nullable=False)
-    project = db.relationship(
-        Project, backref=db.backref('events', cascade='all, delete-orphan')
-    )
+    project = db.relationship(Project, backref=db.backref('events', cascade='all'))
     parent = db.synonym('project')
     ticket_types = db.relationship('TicketType', secondary=event_ticket_type)
     participants = db.relationship(
         'Participant', secondary='attendee', backref='events', lazy='dynamic'
     )
     badge_template = db.Column(db.Unicode(250), nullable=True)
+
+    project_editors = with_roles(
+        association_proxy('project', 'editors'), grants={'project_editor'}
+    )
+    project_concierges = with_roles(
+        association_proxy('project', 'concierges'), grants={'project_concierge'}
+    )
+    project_ushers = with_roles(
+        association_proxy('project', 'ushers'), grants={'project_usher'}
+    )
+
     __table_args__ = (
         db.UniqueConstraint('project_id', 'name'),
         db.UniqueConstraint('project_id', 'title'),
@@ -109,10 +120,21 @@ class TicketType(ScopedNameTitleMixin, db.Model):
 
     project_id = db.Column(None, db.ForeignKey('project.id'), nullable=False)
     project = db.relationship(
-        Project, backref=db.backref('ticket_types', cascade='all, delete-orphan')
+        Project, backref=db.backref('ticket_types', cascade='all')
     )
     parent = db.synonym('project')
     events = db.relationship('Event', secondary=event_ticket_type)
+
+    project_editors = with_roles(
+        association_proxy('project', 'editors'), grants={'project_editor'}
+    )
+    project_concierges = with_roles(
+        association_proxy('project', 'concierges'), grants={'project_concierge'}
+    )
+    project_ushers = with_roles(
+        association_proxy('project', 'ushers'), grants={'project_usher'}
+    )
+
     __table_args__ = (
         db.UniqueConstraint('project_id', 'name'),
         db.UniqueConstraint('project_id', 'title'),
@@ -169,17 +191,23 @@ class Participant(UuidMixin, BaseMixin, db.Model):
     )
     badge_printed = db.Column(db.Boolean, default=False, nullable=False)
     user_id = db.Column(None, db.ForeignKey('user.id'), nullable=True)
-    user = db.relationship(
-        User, backref=db.backref('participants', cascade='all, delete-orphan')
-    )
+    user = db.relationship(User, backref=db.backref('participants', cascade='all'))
     project_id = db.Column(None, db.ForeignKey('project.id'), nullable=False)
     project = with_roles(
-        db.relationship(
-            Project, backref=db.backref('participants', cascade='all, delete-orphan')
-        ),
+        db.relationship(Project, backref=db.backref('participants', cascade='all')),
         read={'concierge', 'subject', 'scanner'},
     )
 
+    project_editors = with_roles(
+        association_proxy('project', 'editors'), grants={'project_editor'}
+    )
+    project_concierges = with_roles(
+        association_proxy('project', 'concierges'), grants={'project_concierge'}
+    )
+    project_ushers = with_roles(
+        association_proxy('project', 'ushers'), grants={'project_usher'}
+    )
+
     __table_args__ = (db.UniqueConstraint('project_id', 'email'),)
 
     def roles_for(self, actor, anchors=()):
@@ -268,12 +296,10 @@ class Attendee(BaseMixin, db.Model):
 
     participant_id = db.Column(None, db.ForeignKey('participant.id'), nullable=False)
     participant = db.relationship(
-        Participant, backref=db.backref('attendees', cascade='all, delete-orphan')
+        Participant, backref=db.backref('attendees', cascade='all')
     )
     event_id = db.Column(None, db.ForeignKey('event.id'), nullable=False)
-    event = db.relationship(
-        Event, backref=db.backref('attendees', cascade='all, delete-orphan')
-    )
+    event = db.relationship(Event, backref=db.backref('attendees', cascade='all'))
     checked_in = db.Column(db.Boolean, default=False, nullable=False)
 
     __table_args__ = (db.UniqueConstraint('event_id', 'participant_id'),)
@@ -298,7 +324,17 @@ class TicketClient(BaseMixin, db.Model):
     client_access_token = db.Column(db.Unicode(80), nullable=False)
     project_id = db.Column(None, db.ForeignKey('project.id'), nullable=False)
     project = db.relationship(
-        Project, backref=db.backref('ticket_clients', cascade='all, delete-orphan')
+        Project, backref=db.backref('ticket_clients', cascade='all')
+    )
+
+    project_editors = with_roles(
+        association_proxy('project', 'editors'), grants={'project_editor'}
+    )
+    project_concierges = with_roles(
+        association_proxy('project', 'concierges'), grants={'project_concierge'}
+    )
+    project_ushers = with_roles(
+        association_proxy('project', 'ushers'), grants={'project_usher'}
     )
 
     def import_from_list(self, ticket_list):
@@ -360,19 +396,19 @@ class SyncTicket(BaseMixin, db.Model):
     order_no = db.Column(db.Unicode(80), nullable=False)
     ticket_type_id = db.Column(None, db.ForeignKey('ticket_type.id'), nullable=False)
     ticket_type = db.relationship(
-        TicketType, backref=db.backref('sync_tickets', cascade='all, delete-orphan')
+        TicketType, backref=db.backref('sync_tickets', cascade='all')
     )
     participant_id = db.Column(None, db.ForeignKey('participant.id'), nullable=False)
     participant = db.relationship(
         Participant,
         primaryjoin=participant_id == Participant.id,
-        backref=db.backref('sync_tickets', cascade="all, delete-orphan"),
+        backref=db.backref('sync_tickets', cascade='all'),
     )
     ticket_client_id = db.Column(
         None, db.ForeignKey('ticket_client.id'), nullable=False
     )
     ticket_client = db.relationship(
-        TicketClient, backref=db.backref('sync_tickets', cascade='all, delete-orphan')
+        TicketClient, backref=db.backref('sync_tickets', cascade='all')
     )
     __table_args__ = (db.UniqueConstraint('ticket_client_id', 'order_no', 'ticket_no'),)
 
diff --git a/funnel/models/label.py b/funnel/models/label.py
index a81336ce5..90b4d569d 100644
--- a/funnel/models/label.py
+++ b/funnel/models/label.py
@@ -1,9 +1,12 @@
 # -*- coding: utf-8 -*-
 
+from sqlalchemy.ext.associationproxy import association_proxy
 from sqlalchemy.ext.hybrid import hybrid_property
 from sqlalchemy.ext.orderinglist import ordering_list
 from sqlalchemy.sql import case, exists
 
+from coaster.sqlalchemy import with_roles
+
 from . import BaseScopedNameMixin, TSVectorType, db
 from .helpers import add_search_trigger
 from .project import Project
@@ -106,6 +109,16 @@ class Label(BaseScopedNameMixin, db.Model):
     #: Proposals that this label is attached to
     proposals = db.relationship(Proposal, secondary=proposal_label, backref='labels')
 
+    project_editors = with_roles(
+        association_proxy('project', 'editors'), grants={'project_editor'}
+    )
+    project_concierges = with_roles(
+        association_proxy('project', 'concierges'), grants={'project_concierge'}
+    )
+    project_ushers = with_roles(
+        association_proxy('project', 'ushers'), grants={'project_usher'}
+    )
+
     __table_args__ = (
         db.UniqueConstraint('project_id', 'name'),
         db.Index('ix_label_search_vector', 'search_vector', postgresql_using='gin'),
@@ -239,11 +252,6 @@ def __repr__(self):
         else:
             return "<Label %s>" % self.name
 
-    def roles_for(self, actor=None, anchors=()):
-        roles = super(Label, self).roles_for(actor, anchors)
-        roles.update(self.project.roles_for(actor, anchors))
-        return roles
-
     def apply_to(self, proposal):
         if self.has_options:
             raise ValueError("This label requires one of its options to be used")
diff --git a/funnel/models/membership.py b/funnel/models/membership.py
new file mode 100644
index 000000000..3c2c0fce1
--- /dev/null
+++ b/funnel/models/membership.py
@@ -0,0 +1,161 @@
+# -*- coding: utf-8 -*-
+
+from sqlalchemy.ext.declarative import declared_attr
+from sqlalchemy.ext.hybrid import hybrid_property
+
+from baseframe import __
+from coaster.sqlalchemy import StateManager, immutable, with_roles
+from coaster.utils import LabeledEnum
+
+from . import BaseMixin, UuidMixin, db
+from .user import User
+
+
+class MEMBERSHIP_RECORD_TYPE(LabeledEnum):  # NOQA: N801
+    INVITE = (0, 'invite', __("Invite"))
+    ACCEPT = (1, 'accept', __("Accept"))
+    DIRECT_ADD = (2, 'direct_add', __("Direct add"))
+    AMEND = (3, 'amend', __("Amend"))
+
+
+class ImmutableMembershipMixin(UuidMixin, BaseMixin):
+    """
+    Support class for immutable memberships
+    """
+
+    __uuid_primary_key__ = True
+    #: List of columns that will be copied into a new row when a membership is amended
+    __data_columns__ = ()
+    #: Parent column (override as synonym of 'profile_id' or 'project_id' in the subclasses)
+    parent_id = None
+
+    #: Start time of membership, ordinarily a mirror of created_at except
+    #: for records created when the member table was added to the database
+    granted_at = immutable(
+        db.Column(db.TIMESTAMP(timezone=True), nullable=False, default=db.func.utcnow())
+    )
+    #: End time of membership, ordinarily a mirror of updated_at
+    revoked_at = db.Column(db.TIMESTAMP(timezone=True), nullable=True)
+    #: Record type
+    record_type = immutable(
+        db.Column(
+            db.Integer,
+            StateManager.check_constraint('record_type', MEMBERSHIP_RECORD_TYPE),
+            default=MEMBERSHIP_RECORD_TYPE.DIRECT_ADD,
+            nullable=False,
+        )
+    )
+
+    @declared_attr
+    def user_id(cls):
+        return db.Column(
+            None,
+            db.ForeignKey('user.id', ondelete='CASCADE'),
+            nullable=False,
+            index=True,
+        )
+
+    @declared_attr
+    def user(cls):
+        return db.relationship(User, foreign_keys=[cls.user_id])
+
+    @declared_attr
+    def revoked_by_id(cls):
+        """Id of user who revoked the membership"""
+        return db.Column(
+            None, db.ForeignKey('user.id', ondelete='SET NULL'), nullable=True
+        )
+
+    @declared_attr
+    def revoked_by(cls):
+        """User who revoked the membership"""
+        return db.relationship(User, foreign_keys=[cls.revoked_by_id])
+
+    @declared_attr
+    def granted_by_id(cls):
+        """
+        Id of user who assigned the membership.
+
+        This is nullable only for historical data. New records always require a value for granted_by
+        """
+        return db.Column(
+            None, db.ForeignKey('user.id', ondelete='SET NULL'), nullable=True
+        )
+
+    @declared_attr
+    def granted_by(cls):
+        """User who assigned the membership"""
+        return db.relationship(User, foreign_keys=[cls.granted_by_id])
+
+    @hybrid_property
+    def is_active(self):
+        return (
+            self.revoked_at is None
+            and self.record_type != MEMBERSHIP_RECORD_TYPE.INVITE
+        )
+
+    @is_active.expression
+    def is_active(cls):  # NOQA: N805
+        return db.and_(
+            cls.revoked_at.is_(None), cls.record_type != MEMBERSHIP_RECORD_TYPE.INVITE
+        )
+
+    @hybrid_property
+    def is_invite(self):
+        return self.record_type == MEMBERSHIP_RECORD_TYPE.INVITE
+
+    @declared_attr
+    def __table_args__(cls):
+        return (
+            db.Index(
+                'ix_' + cls.__tablename__ + '_active',
+                cls.parent_id.name,
+                'user_id',
+                unique=True,
+                postgresql_where=db.text('revoked_at IS NULL'),
+            ),
+        )
+
+    def offered_roles(self):
+        """Roles offered by this membership record"""
+        return set()
+
+    # Subclasses must gate these methods in __roles__
+
+    @with_roles(call={'subject', 'editor'})
+    def revoke(self, actor):
+        if self.revoked_at is not None:
+            raise TypeError("This membership record has already been revoked")
+        self.revoked_at = db.func.utcnow()
+        self.revoked_by = actor
+
+    @with_roles(call={'editor'})
+    def replace(self, actor, **roles):
+        if self.revoked_at is not None:
+            raise TypeError("This membership record has already been revoked")
+        if not set(roles.keys()).issubset(self.__data_columns__):
+            raise AttributeError("Unknown role")
+        self.revoked_at = db.func.utcnow()
+        self.revoked_by = actor
+        new = type(self)(user=self.user, parent=self.parent, granted_by=self.granted_by)
+
+        # if existing record type is INVITE, replace it with ACCEPT,
+        # else, replace it with AMEND.
+        if self.record_type == MEMBERSHIP_RECORD_TYPE.INVITE:
+            new.record_type = MEMBERSHIP_RECORD_TYPE.ACCEPT
+        else:
+            new.record_type = MEMBERSHIP_RECORD_TYPE.AMEND
+
+        for column in self.__data_columns__:
+            if column in roles:
+                setattr(new, column, roles[column])
+            else:
+                setattr(new, column, getattr(self, column))
+        db.session.add(new)
+        return new
+
+    @with_roles(call={'subject'})
+    def accept(self, actor):
+        if self.record_type != MEMBERSHIP_RECORD_TYPE.INVITE:
+            raise TypeError("This membership record is not an invite")
+        return self.replace(actor)
diff --git a/funnel/models/organization_membership.py b/funnel/models/organization_membership.py
new file mode 100644
index 000000000..08715cf64
--- /dev/null
+++ b/funnel/models/organization_membership.py
@@ -0,0 +1,153 @@
+# -*- coding: utf-8 -*-
+
+from coaster.sqlalchemy import DynamicAssociationProxy, immutable, with_roles
+
+from . import db
+from .membership import ImmutableMembershipMixin
+from .user import Organization, User
+
+__all__ = ['OrganizationMembership']
+
+
+class OrganizationMembership(ImmutableMembershipMixin, db.Model):
+    """
+    A user can be an administrator of an organization and optionally an owner.
+    Owners can manage other administrators. This model may introduce non-admin
+    memberships in a future iteration by replacing :attr:`is_owner` with
+    :attr:`member_level` or distinct role flags as in :class:`ProjectMembership`.
+    """
+
+    __tablename__ = 'organization_membership'
+
+    # List of role columns in this model
+    __data_columns__ = ('is_owner',)
+
+    __roles__ = {'all': {'read': {'urls', 'user', 'is_owner', 'organization'}}}
+
+    #: Organization that this membership is being granted on
+    organization_id = immutable(
+        db.Column(
+            None, db.ForeignKey('organization.id', ondelete='CASCADE'), nullable=False
+        )
+    )
+    organization = immutable(
+        db.relationship(
+            Organization,
+            backref=db.backref(
+                'memberships', lazy='dynamic', cascade='all', passive_deletes=True
+            ),
+        )
+    )
+    parent = immutable(db.synonym('organization'))
+    parent_id = immutable(db.synonym('organization_id'))
+
+    # Organization roles:
+    is_owner = immutable(db.Column(db.Boolean, nullable=False, default=False))
+
+    def offered_roles(self):
+        """Roles offered by this membership record"""
+        roles = {'admin'}
+        if self.is_owner:
+            roles.add('owner')
+        return roles
+
+    def roles_for(self, actor, anchors=()):
+        """Roles available to the specified actor and anchors"""
+        roles = super().roles_for(actor, anchors)
+        org_roles = self.organization.roles_for(actor, anchors)
+        if 'admin' in org_roles:
+            roles.add('profile_admin')
+        if 'owner' in org_roles:
+            roles.add('profile_owner')
+        return roles
+
+
+# Add active membership relationships to Organization and User
+# Organization.active_memberships is a future possibility. For now just admin and owner
+
+Organization.active_admin_memberships = db.relationship(
+    OrganizationMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        db.remote(OrganizationMembership.organization_id) == Organization.id,
+        OrganizationMembership.is_active,
+    ),
+    order_by=lambda: OrganizationMembership.granted_at.asc(),
+    viewonly=True,
+)
+
+Organization.active_owner_memberships = db.relationship(
+    OrganizationMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        db.remote(OrganizationMembership.organization_id) == Organization.id,
+        OrganizationMembership.is_active,
+        OrganizationMembership.is_owner.is_(True),
+    ),
+    viewonly=True,
+)
+
+Organization.active_invitations = db.relationship(
+    OrganizationMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        db.remote(OrganizationMembership.organization_id) == Organization.id,
+        OrganizationMembership.is_invite,
+        ~OrganizationMembership.is_active,
+    ),
+    viewonly=True,
+)
+
+
+Organization.owner_users = with_roles(
+    DynamicAssociationProxy('active_owner_memberships', 'user'),
+    grants={'owner', 'admin'},
+)
+
+Organization.admin_users = with_roles(
+    DynamicAssociationProxy('active_admin_memberships', 'user'), grants={'admin'}
+)
+
+
+# User.active_organization_memberships is a future possibility.
+# For now just admin and owner
+
+User.active_organization_admin_memberships = db.relationship(
+    OrganizationMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        db.remote(OrganizationMembership.user_id) == User.id,
+        OrganizationMembership.is_active,
+    ),
+    viewonly=True,
+)
+
+User.active_organization_owner_memberships = db.relationship(
+    OrganizationMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        db.remote(OrganizationMembership.user_id) == User.id,
+        OrganizationMembership.is_active,
+        OrganizationMembership.is_owner.is_(True),
+    ),
+    viewonly=True,
+)
+
+User.active_organization_invitations = db.relationship(
+    OrganizationMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        db.remote(OrganizationMembership.user_id) == User.id,
+        OrganizationMembership.is_invite,
+        ~OrganizationMembership.is_active,
+    ),
+    viewonly=True,
+)
+
+User.organizations_as_owner = DynamicAssociationProxy(
+    'active_organization_owner_memberships', 'organization'
+)
+
+User.organizations_as_owner = DynamicAssociationProxy(
+    'active_organization_admin_memberships', 'organization'
+)
diff --git a/funnel/models/profile.py b/funnel/models/profile.py
index ed8ac0848..fdad7563d 100644
--- a/funnel/models/profile.py
+++ b/funnel/models/profile.py
@@ -82,12 +82,6 @@ class Profile(UuidMixin, BaseMixin, db.Model):
     )
     state = StateManager('_state', PROFILE_STATE, doc="Current state of the profile")
 
-    # TODO: Deprecate this and assume only owners have rights, until membership
-    admin_team_id = db.Column(
-        None, db.ForeignKey('team.id', ondelete='SET NULL'), nullable=True
-    )
-    admin_team = db.relationship('Team')
-
     description = MarkdownColumn('description', default='', nullable=False)
     logo_url = db.Column(UrlType, nullable=True)
     #: Legacy profiles are available via funnelapp, non-legacy in the main app
@@ -155,6 +149,15 @@ def title(self):
         else:
             return ''
 
+    @title.setter
+    def title(self, value):
+        if self.user:
+            self.user.fullname = value
+        elif self.organization:
+            self.organization.title = value
+        else:
+            raise ValueError("Reserved profiles do not have titles")
+
     @title.expression
     def title(cls):  # NOQA: N805
         return db.case(
@@ -179,10 +182,31 @@ def title(cls):  # NOQA: N805
             else_='',
         )
 
+    # TODO: Remove this form helper and make views for explicitly toggling visibility
+    @property
+    def is_public_profile(self):
+        return bool(self.state.PUBLIC)
+
+    @is_public_profile.setter
+    def is_public_profile(self, value):
+        if not value and self.state.PUBLIC:
+            self.make_private()
+        elif value and not self.state.PUBLIC:
+            self.make_public()
+
+    def roles_for(self, actor, anchors=()):
+        if self.owner:
+            roles = self.owner.roles_for(actor, anchors)
+        else:
+            roles = super().roles_for(actor, anchors)
+        if self.state.PUBLIC:
+            roles.add('reader')
+        return roles
+
     @classmethod
     def get(cls, name):
         return cls.query.filter(
-            db.func.lower(Profile.name) == db.func.lower(name), cls.state.PUBLIC
+            db.func.lower(Profile.name) == db.func.lower(name)
         ).one_or_none()
 
     @classmethod
@@ -260,32 +284,13 @@ def teams(self):
     def permissions(self, user, inherited=None):
         perms = super(Profile, self).permissions(user, inherited)
         perms.add('view')
-        if user:
-            if (
-                self.user == user
-                or (self.organization and user in self.organization.owners.users)
-                # TODO: Deprecated, remove admin_team
-                or (self.admin_team and user in self.admin_team.users)
-            ):
-                perms.add('edit-profile')
-                perms.add('new_project')
-                perms.add('delete-project')
-                perms.add('edit_project')
+        if 'admin' in self.roles_for(user):
+            perms.add('edit-profile')
+            perms.add('new_project')
+            perms.add('delete-project')
+            perms.add('edit_project')
         return perms
 
-    def roles_for(self, actor=None, anchors=()):
-        roles = super(Profile, self).roles_for(actor, anchors)
-        if (
-            actor is not None
-            and self.organization is not None
-            and actor in self.organization.owners.users
-        ):
-            roles.add('owner')
-            roles.add('admin')
-        if actor is not None and self.admin_team in actor.teams:
-            roles.add('admin')
-        return roles
-
     @with_roles(call={'owner'})
     @state.transition(None, state.PUBLIC, title=__("Make public"))
     def make_public(self):
diff --git a/funnel/models/project.py b/funnel/models/project.py
index 76259dabe..fbfd83917 100644
--- a/funnel/models/project.py
+++ b/funnel/models/project.py
@@ -31,7 +31,7 @@
 from .commentvote import SET_TYPE, Commentset, Voteset
 from .helpers import RESERVED_NAMES, add_search_trigger
 from .profile import Profile
-from .user import Team, User
+from .user import User
 
 __all__ = ['Project', 'ProjectLocation', 'ProjectRedirect']
 
@@ -72,12 +72,11 @@ class Project(UuidMixin, BaseScopedNameMixin, db.Model):
     user = db.relationship(
         User,
         primaryjoin=user_id == User.id,
-        backref=db.backref('projects', cascade='all, delete-orphan'),
+        backref=db.backref('projects', cascade='all'),
     )
     profile_id = db.Column(None, db.ForeignKey('profile.id'), nullable=False)
     profile = db.relationship(
-        'Profile',
-        backref=db.backref('projects', cascade='all, delete-orphan', lazy='dynamic'),
+        'Profile', backref=db.backref('projects', cascade='all', lazy='dynamic')
     )
     parent = db.synonym('profile')
     tagline = db.Column(db.Unicode(250), nullable=False)
@@ -139,21 +138,6 @@ class Project(UuidMixin, BaseScopedNameMixin, db.Model):
     commentset_id = db.Column(None, db.ForeignKey('commentset.id'), nullable=False)
     commentset = db.relationship(Commentset, uselist=False)
 
-    admin_team_id = db.Column(
-        None, db.ForeignKey('team.id', ondelete='SET NULL'), nullable=True
-    )
-    admin_team = db.relationship(Team, foreign_keys=[admin_team_id])
-
-    review_team_id = db.Column(
-        None, db.ForeignKey('team.id', ondelete='SET NULL'), nullable=True
-    )
-    review_team = db.relationship(Team, foreign_keys=[review_team_id])
-
-    checkin_team_id = db.Column(
-        None, db.ForeignKey('team.id', ondelete='SET NULL'), nullable=True
-    )
-    checkin_team = db.relationship(Team, foreign_keys=[checkin_team_id])
-
     parent_id = db.Column(
         None, db.ForeignKey('project.id', ondelete='SET NULL'), nullable=True
     )
@@ -199,13 +183,13 @@ class Project(UuidMixin, BaseScopedNameMixin, db.Model):
 
     venues = db.relationship(
         'Venue',
-        cascade='all, delete-orphan',
+        cascade='all',
         order_by='Venue.seq',
         collection_class=ordering_list('seq', count_from=1),
     )
     labels = db.relationship(
         'Label',
-        cascade='all, delete-orphan',
+        cascade='all',
         primaryjoin='and_(Label.project_id == Project.id, Label.main_label_id == None, Label._archived == False)',
         order_by='Label.seq',
         collection_class=ordering_list('seq', count_from=1),
@@ -269,6 +253,15 @@ def __init__(self, **kwargs):
         super(Project, self).__init__(**kwargs)
         self.voteset = Voteset(settype=SET_TYPE.PROJECT)
         self.commentset = Commentset(settype=SET_TYPE.PROJECT)
+        # Add the creator as editor and concierge
+        new_membership = ProjectCrewMembership(
+            parent=self,
+            user=self.user,
+            granted_by=self.user,
+            is_editor=True,
+            is_concierge=True,
+        )
+        db.session.add(new_membership)
 
     def __repr__(self):
         return '<Project %s/%s "%s">' % (
@@ -441,7 +434,7 @@ def datelocation(self):
 
     cfp_state.add_state_group('UNAVAILABLE', cfp_state.CLOSED, cfp_state.EXPIRED)
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'editor'})
     @cfp_state.transition(
         cfp_state.OPENABLE,
         cfp_state.PUBLIC,
@@ -452,7 +445,7 @@ def datelocation(self):
     def open_cfp(self):
         pass
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'editor'})
     @cfp_state.transition(
         cfp_state.PUBLIC,
         cfp_state.CLOSED,
@@ -463,7 +456,7 @@ def open_cfp(self):
     def close_cfp(self):
         pass
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'editor'})
     @schedule_state.transition(
         schedule_state.DRAFT,
         schedule_state.PUBLISHED,
@@ -474,7 +467,7 @@ def close_cfp(self):
     def publish_schedule(self):
         pass
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'editor'})
     @schedule_state.transition(
         schedule_state.PUBLISHED,
         schedule_state.DRAFT,
@@ -485,7 +478,7 @@ def publish_schedule(self):
     def unpublish_schedule(self):
         pass
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'editor'})
     @state.transition(
         state.PUBLISHABLE,
         state.PUBLISHED,
@@ -496,7 +489,7 @@ def unpublish_schedule(self):
     def publish(self):
         pass
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'editor'})
     @state.transition(
         state.PUBLISHED,
         state.WITHDRAWN,
@@ -508,7 +501,7 @@ def withdraw(self):
         pass
 
     # Removing Delete feature till we figure out siteadmin feature
-    # @with_roles(call={'admin'})
+    # @with_roles(call={'editor'})
     # @state.transition(
     #     state.DELETABLE, state.DELETED, title=__("Delete project"),
     #     message=__("The project has been deleted"), type='success')
@@ -778,11 +771,7 @@ def permissions(self, user, inherited=None):
         if user is not None:
             if self.cfp_state.OPEN:
                 perms.add('new-proposal')
-            if (
-                (self.admin_team and user in self.admin_team.users)
-                or (self.profile.admin_team and user in self.profile.admin_team.users)
-                or user.owner_of(self.profile)
-            ):
+            if 'editor' in self.roles_for(user):
                 perms.update(
                     [
                         'view_contactinfo',
@@ -813,16 +802,10 @@ def permissions(self, user, inherited=None):
                         'edit-participant',
                         'view-participant',
                         'new-participant',
-                    ]
-                )
-            if self.review_team and user in self.review_team.users:
-                perms.update(
-                    [
                         'view_contactinfo',
                         'confirm-proposal',
                         'view_voteinfo',
                         'view_status',
-                        'edit_proposal',
                         'delete-proposal',
                         'edit-schedule',
                         'new-session',
@@ -834,7 +817,7 @@ def permissions(self, user, inherited=None):
                         'new-participant',
                     ]
                 )
-            if self.checkin_team and user in self.checkin_team.users:
+            if 'usher' in self.roles_for(user):
                 perms.update(['checkin_event'])
         return perms
 
@@ -848,8 +831,8 @@ def all_unsorted(cls, legacy=None):
             projects = projects.join(Profile).filter(Profile.legacy == legacy)
         return projects
 
-    @classmethod  # NOQA: A003
-    def all(cls, legacy=None):
+    @classmethod
+    def all(cls, legacy=None):  # NOQA: A003
         """
         Return currently active events, sorted by date.
         """
@@ -870,16 +853,21 @@ def fetch_sorted(cls, legacy=None):
         return currently_listed_projects
 
     def roles_for(self, actor=None, anchors=()):
-        roles = super(Project, self).roles_for(actor, anchors)
+        roles = super().roles_for(actor, anchors)
+        # https://github.com/hasgeek/funnel/pull/220#discussion_r168718052
+        roles.add('reader')
+
         if actor is not None:
-            if self.admin_team in actor.teams:
-                roles.add('admin')
-            if self.review_team in actor.teams:
-                roles.add('reviewer')
-            roles.add(
-                'reader'
-            )  # https://github.com/hasgeek/funnel/pull/220#discussion_r168718052
-        roles.update(self.profile.roles_for(actor, anchors))
+            profile_roles = self.profile.roles_for(actor, anchors)
+            if 'admin' in profile_roles:
+                roles.add('profile_admin')
+
+            crew_membership = self.active_crew_memberships.filter_by(
+                user=actor
+            ).one_or_none()
+            if crew_membership is not None:
+                roles.update(crew_membership.offered_roles())
+
         return roles
 
     def is_saved_by(self, user):
@@ -907,12 +895,32 @@ def is_saved_by(self, user):
     lazy='dynamic',
     primaryjoin=db.and_(
         Profile.id == Project.profile_id,
+        # TODO: parent projects are deprecated
         Project.parent_id.is_(None),
         db.or_(Project.state.DRAFT, Project.cfp_state.DRAFT),
     ),
 )
 
 
+Profile.draft_projects_for = (
+    lambda self, user: (
+        membership.project
+        for membership in user.projects_as_crew_active_memberships.join(
+            Project, Profile
+        ).filter(
+            # Project is attached to this profile
+            Project.profile_id == self.id,
+            # Project is not a sub-project (TODO: Deprecated, remove this)
+            Project.parent_id.is_(None),
+            # Project is in draft state OR has a draft call for proposals
+            db.or_(Project.state.DRAFT, Project.cfp_state.DRAFT),
+        )
+    )
+    if user
+    else ()
+)
+
+
 class ProjectRedirect(TimestampMixin, db.Model):
     __tablename__ = "project_redirect"
 
@@ -920,7 +928,7 @@ class ProjectRedirect(TimestampMixin, db.Model):
         None, db.ForeignKey('profile.id'), nullable=False, primary_key=True
     )
     profile = db.relationship(
-        'Profile', backref=db.backref('project_redirects', cascade='all, delete-orphan')
+        'Profile', backref=db.backref('project_redirects', cascade='all')
     )
     parent = db.synonym('profile')
     name = db.Column(db.Unicode(250), nullable=False, primary_key=True)
@@ -965,9 +973,7 @@ class ProjectLocation(TimestampMixin, db.Model):
     project_id = db.Column(
         None, db.ForeignKey('project.id'), primary_key=True, nullable=False
     )
-    project = db.relationship(
-        Project, backref=db.backref('locations', cascade='all, delete-orphan')
-    )
+    project = db.relationship(Project, backref=db.backref('locations', cascade='all'))
     #: Geonameid for this project
     geonameid = db.Column(db.Integer, primary_key=True, nullable=False, index=True)
     primary = db.Column(db.Boolean, default=True, nullable=False)
@@ -983,3 +989,4 @@ def __repr__(self):
 # Tail imports
 from .session import Session  # isort:skip
 from .venue import VenueRoom  # isort:skip
+from .project_membership import ProjectCrewMembership  # isort:skip
diff --git a/funnel/models/project_membership.py b/funnel/models/project_membership.py
new file mode 100644
index 000000000..c044682a1
--- /dev/null
+++ b/funnel/models/project_membership.py
@@ -0,0 +1,164 @@
+# -*- coding: utf-8 -*-
+
+from sqlalchemy.ext.declarative import declared_attr
+
+from coaster.sqlalchemy import DynamicAssociationProxy, immutable
+
+from . import db
+from .membership import ImmutableMembershipMixin
+from .project import Project
+from .user import User
+
+__all__ = ['ProjectCrewMembership']
+
+
+class ProjectCrewMembership(ImmutableMembershipMixin, db.Model):
+    """
+    Users can be crew members of projects, with specified access rights.
+    """
+
+    __tablename__ = 'project_crew_membership'
+
+    # List of is_role columns in this model
+    __data_columns__ = ('is_editor', 'is_concierge', 'is_usher')
+
+    __roles__ = {
+        'all': {
+            'read': {'urls', 'user', 'is_editor', 'is_concierge', 'is_usher', 'project'}
+        }
+    }
+
+    project_id = immutable(
+        db.Column(None, db.ForeignKey('project.id', ondelete='CASCADE'), nullable=False)
+    )
+    project = immutable(
+        db.relationship(
+            Project,
+            backref=db.backref(
+                'crew_memberships', lazy='dynamic', cascade='all', passive_deletes=True
+            ),
+        )
+    )
+    parent = immutable(db.synonym('project'))
+    parent_id = immutable(db.synonym('project_id'))
+
+    # Project crew roles (at least one must be True):
+
+    #: Editors can edit all common and editorial details of an event
+    is_editor = db.Column(db.Boolean, nullable=False, default=False)
+    #: Concierges are responsible for logistics and have write access
+    #: to common details plus read access to everything else. Unlike
+    #: editors, they cannot edit the schedule
+    is_concierge = db.Column(db.Boolean, nullable=False, default=False)
+    #: Ushers help participants find their way around an event and have
+    #: the ability to scan badges at the door
+    is_usher = db.Column(db.Boolean, nullable=False, default=False)
+
+    @declared_attr
+    def __table_args__(cls):
+        args = list(super().__table_args__)
+        args.append(
+            db.CheckConstraint(
+                db.or_(
+                    cls.is_editor.is_(True),
+                    cls.is_concierge.is_(True),
+                    cls.is_usher.is_(True),
+                ),
+                name='project_crew_membership_has_role',
+            )
+        )
+        return tuple(args)
+
+    def offered_roles(self):
+        """Roles offered by this membership record"""
+        roles = set()
+        if self.is_editor:
+            roles.add('editor')
+        if self.is_concierge:
+            roles.add('concierge')
+        if self.is_usher:
+            roles.add('usher')
+        return roles
+
+    def roles_for(self, actor=None, anchors=()):
+        roles = super(ProjectCrewMembership, self).roles_for(actor, anchors)
+        if 'editor' in self.project.roles_for(actor, anchors):
+            roles.add('project_editor')
+        if 'admin' in self.project.profile.roles_for(actor, anchors):
+            roles.add('profile_admin')
+        return roles
+
+
+# Project relationships: all crew, vs specific roles
+
+Project.active_crew_memberships = db.relationship(
+    ProjectCrewMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        ProjectCrewMembership.project_id == Project.id, ProjectCrewMembership.is_active
+    ),
+    viewonly=True,
+)
+
+Project.active_editor_memberships = db.relationship(
+    ProjectCrewMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        ProjectCrewMembership.project_id == Project.id,
+        ProjectCrewMembership.is_active,
+        ProjectCrewMembership.is_editor.is_(True),
+    ),
+    viewonly=True,
+)
+
+Project.active_concierge_memberships = db.relationship(
+    ProjectCrewMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        ProjectCrewMembership.project_id == Project.id,
+        ProjectCrewMembership.is_active,
+        ProjectCrewMembership.is_concierge.is_(True),
+    ),
+    viewonly=True,
+)
+
+Project.active_usher_memberships = db.relationship(
+    ProjectCrewMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        ProjectCrewMembership.project_id == Project.id,
+        ProjectCrewMembership.is_active,
+        ProjectCrewMembership.is_usher.is_(True),
+    ),
+    viewonly=True,
+)
+
+Project.crew = DynamicAssociationProxy('active_crew_memberships', 'user')
+Project.editors = DynamicAssociationProxy('active_editor_memberships', 'user')
+Project.concierges = DynamicAssociationProxy('active_concierge_memberships', 'user')
+Project.ushers = DynamicAssociationProxy('active_usher_memberships', 'user')
+
+# Similarly for users (add as needs come up)
+User.projects_as_crew_active_memberships = db.relationship(
+    ProjectCrewMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        ProjectCrewMembership.user_id == User.id, ProjectCrewMembership.is_active
+    ),
+    viewonly=True,
+)
+
+User.projects_as_editor_active_memberships = db.relationship(
+    ProjectCrewMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        ProjectCrewMembership.user_id == User.id,
+        ProjectCrewMembership.is_active,
+        ProjectCrewMembership.is_editor.is_(True),
+    ),
+    viewonly=True,
+)
+
+User.projects_as_editor = DynamicAssociationProxy(
+    'projects_as_editor_active_memberships', 'project'
+)
diff --git a/funnel/models/proposal.py b/funnel/models/proposal.py
index 07ebdfd71..e4b668c76 100644
--- a/funnel/models/proposal.py
+++ b/funnel/models/proposal.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 
+from sqlalchemy.ext.associationproxy import association_proxy
 from sqlalchemy.ext.hybrid import hybrid_property
 
 from werkzeug.utils import cached_property
@@ -104,10 +105,13 @@ class Proposal(
     __tablename__ = 'proposal'
 
     user_id = db.Column(None, db.ForeignKey('user.id'), nullable=False)
-    user = db.relationship(
-        User,
-        primaryjoin=user_id == User.id,
-        backref=db.backref('proposals', cascade="all, delete-orphan"),
+    user = with_roles(
+        db.relationship(
+            User,
+            primaryjoin=user_id == User.id,
+            backref=db.backref('proposals', cascade='all'),
+        ),
+        grants={'creator'},
     )
 
     speaker_id = db.Column(None, db.ForeignKey('user.id'), nullable=True)
@@ -115,7 +119,7 @@ class Proposal(
         User,
         primaryjoin=speaker_id == User.id,
         lazy='joined',
-        backref=db.backref('speaker_at', cascade="all"),
+        backref=db.backref('speaker_at', cascade='all'),
     )
 
     email = db.Column(db.Unicode(80), nullable=True)
@@ -125,7 +129,7 @@ class Proposal(
     project = db.relationship(
         Project,
         primaryjoin=project_id == Project.id,
-        backref=db.backref('proposals', cascade="all, delete-orphan", lazy='dynamic'),
+        backref=db.backref('proposals', cascade='all', lazy='dynamic'),
     )
     parent = db.synonym('project')
 
@@ -146,11 +150,7 @@ class Proposal(
 
     voteset_id = db.Column(None, db.ForeignKey('voteset.id'), nullable=False)
     voteset = db.relationship(
-        Voteset,
-        uselist=False,
-        lazy='joined',
-        cascade='all, delete-orphan',
-        single_parent=True,
+        Voteset, uselist=False, lazy='joined', cascade='all', single_parent=True
     )
 
     commentset_id = db.Column(None, db.ForeignKey('commentset.id'), nullable=False)
@@ -158,7 +158,7 @@ class Proposal(
         Commentset,
         uselist=False,
         lazy='joined',
-        cascade='all, delete-orphan',
+        cascade='all',
         single_parent=True,
         backref=db.backref('proposal', uselist=False),
     )
@@ -200,6 +200,10 @@ class Proposal(
         )
     )
 
+    project_editors = with_roles(
+        association_proxy('project', 'editors'), grants={'project_editor'}
+    )
+
     __table_args__ = (
         db.UniqueConstraint('project_id', 'url_id'),
         db.Index('ix_proposal_search_vector', 'search_vector', postgresql_using='gin'),
@@ -229,6 +233,7 @@ class Proposal(
             'call': {'url_for'},
         },
         'reviewer': {'read': {'email', 'phone'}},
+        'project_editor': {'read': {'email', 'phone'}},
     }
 
     def __init__(self, **kwargs):
@@ -265,7 +270,7 @@ def _validate_project(self, key, value):
         label=('scheduled', __("Confirmed & Scheduled")),
     )
 
-    @with_roles(call={'speaker', 'proposer'})
+    @with_roles(call={'creator'})
     @state.transition(
         state.AWAITING_DETAILS,
         state.DRAFT,
@@ -276,7 +281,7 @@ def _validate_project(self, key, value):
     def withdraw(self):
         pass
 
-    @with_roles(call={'speaker', 'proposer'})
+    @with_roles(call={'creator'})
     @state.transition(
         state.DRAFT,
         state.SUBMITTED,
@@ -287,7 +292,9 @@ def withdraw(self):
     def submit(self):
         pass
 
-    @with_roles(call={'admin', 'reviewer'})
+    # TODO: remove project_editor once ProposalMembership UI
+    # has been implemented
+    @with_roles(call={'project_editor', 'reviewer'})
     @state.transition(
         state.UNDO_TO_SUBMITTED,
         state.SUBMITTED,
@@ -298,7 +305,7 @@ def submit(self):
     def undo_to_submitted(self):
         pass
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'project_editor', 'reviewer'})
     @state.transition(
         state.CONFIRMABLE,
         state.CONFIRMED,
@@ -309,7 +316,7 @@ def undo_to_submitted(self):
     def confirm(self):
         pass
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'project_editor', 'reviewer'})
     @state.transition(
         state.CONFIRMED,
         state.SUBMITTED,
@@ -320,7 +327,7 @@ def confirm(self):
     def unconfirm(self):
         pass
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'project_editor', 'reviewer'})
     @state.transition(
         state.WAITLISTABLE,
         state.WAITLISTED,
@@ -331,7 +338,7 @@ def unconfirm(self):
     def waitlist(self):
         pass
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'project_editor', 'reviewer'})
     @state.transition(
         state.REJECTABLE,
         state.REJECTED,
@@ -342,7 +349,7 @@ def waitlist(self):
     def reject(self):
         pass
 
-    @with_roles(call={'speaker', 'proposer'})
+    @with_roles(call={'creator'})
     @state.transition(
         state.CANCELLABLE,
         state.CANCELLED,
@@ -353,7 +360,7 @@ def reject(self):
     def cancel(self):
         pass
 
-    @with_roles(call={'admin', 'reviewer'})
+    @with_roles(call={'project_editor', 'reviewer'})
     @state.transition(
         state.SUBMITTED,
         state.AWAITING_DETAILS,
@@ -364,7 +371,7 @@ def cancel(self):
     def awaiting_details(self):
         pass
 
-    @with_roles(call={'admin', 'reviewer'})
+    @with_roles(call={'project_editor', 'reviewer'})
     @state.transition(
         state.EVALUATEABLE,
         state.UNDER_EVALUATION,
@@ -375,7 +382,7 @@ def awaiting_details(self):
     def under_evaluation(self):
         pass
 
-    @with_roles(call={'speaker', 'proposer'})
+    @with_roles(call={'creator'})
     @state.transition(
         state.DELETABLE,
         state.DELETED,
@@ -388,22 +395,22 @@ def delete(self):
 
     # These 3 transitions are not in the editorial workflow anymore - Feb 23 2018
 
-    # @with_roles(call={'admin'})
+    # @with_roles(call={'project_editor'})
     # @state.transition(state.SUBMITTED, state.SHORTLISTED, title=__("Shortlist"), message=__("This proposal has been shortlisted"), type='success')
     # def shortlist(self):
     #     pass
 
-    # @with_roles(call={'admin'})
+    # @with_roles(call={'project_editor'})
     # @state.transition(state.SHORLISTABLE, state.SHORTLISTED_FOR_REHEARSAL, title=__("Shortlist for rehearsal"), message=__("This proposal has been shortlisted for rehearsal"), type='success')
     # def shortlist_for_rehearsal(self):
     #     pass
 
-    # @with_roles(call={'admin'})
+    # @with_roles(call={'project_editor'})
     # @state.transition(state.SHORTLISTED_FOR_REHEARSAL, state.REHEARSAL, title=__("Rehearsal ongoing"), message=__("Rehearsal is now ongoing for this proposal"), type='success')
     # def rehearsal_ongoing(self):
     #     pass
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'project_editor', 'reviewer'})
     def move_to(self, project):
         """
         Move to a new project and reset the url_id
@@ -412,7 +419,7 @@ def move_to(self, project):
         self.url_id = None
         self.make_id()
 
-    @with_roles(call={'admin'})
+    @with_roles(call={'project_editor', 'reviewer'})
     def transfer_to(self, user):
         """
         Transfer the proposal to a new user and speaker
@@ -491,15 +498,19 @@ def permissions(self, user, inherited=None):
 
     def roles_for(self, actor=None, anchors=()):
         roles = super(Proposal, self).roles_for(actor, anchors)
-        if self.owner == actor:
-            roles.update({'owner', 'speaker', 'proposer'})
-        if self.user == actor:
-            roles.add('creator')
-        roles.update(self.project.roles_for(actor, anchors))
-        if self.state.DRAFT and 'reader' in roles:
-            roles.remove(
-                'reader'
-            )  # https://github.com/hasgeek/funnel/pull/220#discussion_r168724439
+
+        if self.state.DRAFT:
+            if 'reader' in roles:
+                # https://github.com/hasgeek/funnel/pull/220#discussion_r168724439
+                roles.remove('reader')
+        else:
+            roles.add('reader')
+
+        active_membership = self.active_memberships.filter_by(user=actor).one_or_none()
+        if active_membership is not None:
+            # this grants either `reviewer` or `speaker`
+            roles.update(active_membership.offered_roles())
+
         return roles
 
 
@@ -515,7 +526,7 @@ class ProposalRedirect(TimestampMixin, db.Model):
     project = db.relationship(
         Project,
         primaryjoin=project_id == Project.id,
-        backref=db.backref('proposal_redirects', cascade="all, delete-orphan"),
+        backref=db.backref('proposal_redirects', cascade='all'),
     )
     parent = db.synonym('project')
     url_id = db.Column(db.Integer, nullable=False, primary_key=True)
diff --git a/funnel/models/proposal_membership.py b/funnel/models/proposal_membership.py
new file mode 100644
index 000000000..760635e35
--- /dev/null
+++ b/funnel/models/proposal_membership.py
@@ -0,0 +1,107 @@
+# -*- coding: utf-8 -*-
+
+from sqlalchemy.ext.declarative import declared_attr
+
+from coaster.sqlalchemy import DynamicAssociationProxy, immutable
+
+from . import db
+from .membership import ImmutableMembershipMixin
+from .proposal import Proposal
+
+__all__ = ['ProposalMembership']
+
+
+class ProposalMembership(ImmutableMembershipMixin, db.Model):
+    """
+    Users can be presenters or reviewers on proposals.
+    """
+
+    __tablename__ = 'proposal_membership'
+
+    # List of is_role columns in this model
+    __data_columns__ = ('is_reviewer', 'is_presenter')
+
+    __roles__ = {
+        'all': {'read': {'urls', 'user', 'is_reviewer', 'is_presenter', 'proposal'}}
+    }
+
+    proposal_id = immutable(
+        db.Column(
+            None, db.ForeignKey('proposal.id', ondelete='CASCADE'), nullable=False
+        )
+    )
+    proposal = immutable(
+        db.relationship(
+            Proposal,
+            backref=db.backref(
+                'memberships', lazy='dynamic', cascade='all', passive_deletes=True
+            ),
+        )
+    )
+    parent = immutable(db.synonym('proposal'))
+    parent_id = immutable(db.synonym('proposal_id'))
+
+    # Proposal roles (at least one must be True):
+
+    #: Reviewers can change state of proposal
+    is_reviewer = db.Column(db.Boolean, nullable=False, default=False)
+    #: Presenters can edit and withdraw proposals
+    is_presenter = db.Column(db.Boolean, nullable=False, default=False)
+
+    @declared_attr
+    def __table_args__(cls):
+        args = list(super().__table_args__)
+        args.append(
+            db.CheckConstraint(
+                db.or_(cls.is_reviewer.is_(True), cls.is_presenter.is_(True)),
+                name='proposal_membership_has_role',
+            )
+        )
+        return tuple(args)
+
+    def offered_roles(self):
+        """Roles offered by this membership record"""
+        roles = set()
+        if self.is_reviewer:
+            roles.add('reviewer')
+        elif self.is_speaker:
+            roles.add('presenter')
+        return roles
+
+
+# Project relationships: all crew, vs specific roles
+
+Proposal.active_memberships = db.relationship(
+    ProposalMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        ProposalMembership.proposal_id == Proposal.id, ProposalMembership.is_active
+    ),
+    viewonly=True,
+)
+
+Proposal.active_reviewer_memberships = db.relationship(
+    ProposalMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        ProposalMembership.proposal_id == Proposal.id,
+        ProposalMembership.is_active,
+        ProposalMembership.is_reviewer.is_(True),
+    ),
+    viewonly=True,
+)
+
+Proposal.active_presenter_memberships = db.relationship(
+    ProposalMembership,
+    lazy='dynamic',
+    primaryjoin=db.and_(
+        ProposalMembership.proposal_id == Proposal.id,
+        ProposalMembership.is_active,
+        ProposalMembership.is_presenter.is_(True),
+    ),
+    viewonly=True,
+)
+
+Proposal.members = DynamicAssociationProxy('active_memberships', 'user')
+Proposal.reviewers = DynamicAssociationProxy('active_reviewer_memberships', 'user')
+Proposal.presenters = DynamicAssociationProxy('active_presenters_memberships', 'user')
diff --git a/funnel/models/rsvp.py b/funnel/models/rsvp.py
index b956b01be..a2a2a59af 100644
--- a/funnel/models/rsvp.py
+++ b/funnel/models/rsvp.py
@@ -29,16 +29,14 @@ class Rsvp(TimestampMixin, db.Model):
         None, db.ForeignKey('project.id'), nullable=False, primary_key=True
     )
     project = db.relationship(
-        Project,
-        backref=db.backref('rsvps', cascade='all, delete-orphan', lazy='dynamic'),
+        Project, backref=db.backref('rsvps', cascade='all', lazy='dynamic')
     )
     user_id = db.Column(
         None, db.ForeignKey('user.id'), nullable=False, primary_key=True
     )
     user = with_roles(
         db.relationship(
-            User,
-            backref=db.backref('rsvps', cascade='all, delete-orphan', lazy='dynamic'),
+            User, backref=db.backref('rsvps', cascade='all', lazy='dynamic')
         ),
         grants={'owner'},
     )
diff --git a/funnel/models/session.py b/funnel/models/session.py
index 972d651fe..fd1920c94 100644
--- a/funnel/models/session.py
+++ b/funnel/models/session.py
@@ -28,8 +28,7 @@ class Session(UuidMixin, BaseScopedIdNameMixin, VideoMixin, db.Model):
 
     project_id = db.Column(None, db.ForeignKey('project.id'), nullable=False)
     project = db.relationship(
-        Project,
-        backref=db.backref('sessions', cascade='all, delete-orphan', lazy='dynamic'),
+        Project, backref=db.backref('sessions', cascade='all', lazy='dynamic')
     )
     parent = db.synonym('project')
     description = MarkdownColumn('description', default='', nullable=False)
@@ -38,8 +37,7 @@ class Session(UuidMixin, BaseScopedIdNameMixin, VideoMixin, db.Model):
         None, db.ForeignKey('proposal.id'), nullable=True, unique=True
     )
     proposal = db.relationship(
-        Proposal,
-        backref=db.backref('session', uselist=False, cascade='all, delete-orphan'),
+        Proposal, backref=db.backref('session', uselist=False, cascade='all')
     )
     speaker = db.Column(db.Unicode(200), default=None, nullable=True)
     start_at = db.Column(db.TIMESTAMP(timezone=True), nullable=True, index=True)
diff --git a/funnel/models/user.py b/funnel/models/user.py
index 6e605ab88..d9afe28ae 100644
--- a/funnel/models/user.py
+++ b/funnel/models/user.py
@@ -15,7 +15,7 @@
 import phonenumbers
 
 from baseframe import _, __
-from coaster.sqlalchemy import add_primary_relationship, failsafe_add
+from coaster.sqlalchemy import add_primary_relationship, failsafe_add, with_roles
 from coaster.utils import (
     LabeledEnum,
     md5sum,
@@ -103,7 +103,10 @@ class User(SharedProfileMixin, UuidMixin, BaseMixin, db.Model):
     # XXX: Deprecated, still here for Baseframe compatibility
     userid = db.synonym('buid')
     #: The user's fullname
-    fullname = db.Column(db.Unicode(__title_length__), default='', nullable=False)
+    fullname = with_roles(
+        db.Column(db.Unicode(__title_length__), default='', nullable=False),
+        read={'all'},
+    )
     #: Alias for the user's fullname
     title = db.synonym('fullname')
     #: Bcrypt hash of the user's password
@@ -113,11 +116,13 @@ class User(SharedProfileMixin, UuidMixin, BaseMixin, db.Model):
     #: Expiry date for the password (to prompt user to reset it)
     pw_expires_at = db.Column(db.TIMESTAMP(timezone=True), nullable=True)
     #: User's timezone
-    timezone = db.Column(TimezoneType(backend='pytz'), nullable=True)
+    timezone = with_roles(
+        db.Column(TimezoneType(backend='pytz'), nullable=True), read={'owner'}
+    )
     #: User's status (active, suspended, merged, etc)
     status = db.Column(db.SmallInteger, nullable=False, default=USER_STATUS.ACTIVE)
     #: User avatar (URL to browser-ready image)
-    avatar = db.Column(db.UnicodeText, nullable=True)
+    avatar = with_roles(db.Column(db.UnicodeText, nullable=True), read={'all'})
 
     #: Other user accounts that were merged into this user account
     oldusers = association_proxy('oldids', 'olduser')
@@ -134,10 +139,6 @@ class User(SharedProfileMixin, UuidMixin, BaseMixin, db.Model):
         )
     )
 
-    #: FIXME: Temporary values for Flask-Lastuser compatibility
-    lastuser_token = lastuser_token_scope = lastuser_token_type = None
-    userinfo = {}
-
     __table_args__ = (
         db.Index(
             'ix_user_fullname_lower',
@@ -180,7 +181,8 @@ def name(self, value):
     def name(cls):  # NOQA: N805
         return db.select([Profile.name]).where(Profile.user_id == cls.id).label('name')
 
-    username = db.synonym('name')
+    with_roles(name, read={'all'})
+    username = name
 
     @property
     def is_active(self):
@@ -238,6 +240,7 @@ def profileid(self):
     def displayname(self):
         return self.fullname or self.username or self.buid
 
+    @with_roles(read={'all'})
     @property
     def pickername(self):
         if self.username:
@@ -262,6 +265,7 @@ def del_email(self, email):
             db.session.flush()
             self.primary_email = UserEmail.query.filter_by(user=self).first()
 
+    @with_roles(read={'owner'})
     @cached_property
     def email(self):
         """
@@ -283,6 +287,7 @@ def email(self):
         # to get the email address as a string.
         return ''
 
+    @with_roles(read={'owner'})
     @cached_property
     def phone(self):
         """
@@ -304,58 +309,20 @@ def phone(self):
         # to get the phone number as a string.
         return ''
 
-    def organizations(self):
-        """
-        Return the organizations this user is a member of.
-        """
-        return sorted({team.organization for team in self.teams}, key=lambda o: o.title)
+    def roles_for(self, actor, anchors=()):
+        roles = super().roles_for(actor, anchors)
+        if actor == self:
+            # Owner because the user owns their own account
+            # Admin because it's relevant in the Profile model
+            roles.update({'owner', 'admin'})
+        return roles
 
-    def organizations_owned(self):
-        """
-        Return the organizations this user is an owner of.
-        """
-        return sorted(
-            {
-                team.organization
-                for team in self.teams
-                if team.organization.owners == team
-            },
-            key=lambda o: o.title,
-        )
-
-    def organizations_owned_ids(self):
+    def organizations_as_owner_ids(self):
         """
         Return the database ids of the organizations this user is an owner of. This is used
         for database queries.
         """
-        return list(
-            {
-                team.organization.id
-                for team in self.teams
-                if team.organization.owners == team
-            }
-        )
-
-    def user_organizations_owned_ids(self):
-        # Temp function for Flask-Lastuser
-        return [self.buid] + [o.buid for o in self.organizations_owned()]
-
-    def owner_of(self, profile):
-        # Temp function for Flask-Lastuser
-        return profile.buid in self.user_organizations_owned_ids()
-
-    def organizations_memberof(self):
-        """
-        Return the organizations this user is a member of.
-        """
-        return sorted({team.organization for team in self.teams}, key=lambda o: o.title)
-
-    def organizations_memberof_ids(self):
-        """
-        Return the database ids of the organizations this user is a member of. This is used
-        for database queries.
-        """
-        return list({team.organization.id for team in self.teams})
+        return [o.id for o in self.organizations_as_owner]
 
     def is_profile_complete(self):
         """
@@ -364,16 +331,6 @@ def is_profile_complete(self):
         """
         return bool(self.fullname and self.username and self.email)
 
-    def clients_with_team_access(self):
-        """
-        Return a list of clients with access to the user's organizations' teams.
-        """
-        return [
-            token.auth_client
-            for token in self.authtokens
-            if {'*', 'teams', 'teams/*'}.intersection(token.effective_scope)
-        ]
-
     @classmethod
     def get(cls, username=None, buid=None, userid=None, defercols=False):
         """
@@ -401,8 +358,10 @@ def get(cls, username=None, buid=None, userid=None, defercols=False):
         if user and user.is_active:
             return user
 
-    @classmethod  # NOQA: A003
-    def all(cls, buids=None, userids=None, usernames=None, defercols=False):
+    @classmethod
+    def all(  # NOQA: A003
+        cls, buids=None, userids=None, usernames=None, defercols=False
+    ):
         """
         Return all matching users.
 
@@ -541,7 +500,7 @@ class UserOldId(UuidMixin, BaseMixin, db.Model):
     user = db.relationship(
         User,
         primaryjoin=user_id == User.id,
-        backref=db.backref('oldids', cascade='all, delete-orphan'),
+        backref=db.backref('oldids', cascade='all'),
     )
 
     def __repr__(self):
@@ -592,7 +551,10 @@ class Organization(SharedProfileMixin, UuidMixin, BaseMixin, db.Model):
         cascade='all',
         post_update=True,
     )  # No delete-orphan cascade here
-    title = db.Column(db.Unicode(__title_length__), default='', nullable=False)
+    title = with_roles(
+        db.Column(db.Unicode(__title_length__), default='', nullable=False),
+        read={'all'},
+    )
     #: Deprecated, but column preserved for existing data until migration
     description = deferred(db.Column(db.UnicodeText, default='', nullable=False))
 
@@ -616,9 +578,15 @@ class Organization(SharedProfileMixin, UuidMixin, BaseMixin, db.Model):
 
     _defercols = [defer('created_at'), defer('updated_at')]
 
-    def __init__(self, *args, **kwargs):
+    def __init__(self, owner, *args, **kwargs):
         super(Organization, self).__init__(*args, **kwargs)
         self.make_teams()
+        self.owners.users.append(owner)
+        db.session.add(
+            OrganizationMembership(
+                organization=self, user=owner, granted_by=owner, is_owner=True
+            )
+        )
 
     @hybrid_property
     def name(self):
@@ -644,6 +612,8 @@ def name(cls):  # NOQA: N805
             .label('name')
         )
 
+    with_roles(name, read={'all'})
+
     def make_teams(self):
         if self.owners is None:
             self.owners = Team(title=_("Owners"), organization=self)
@@ -653,6 +623,7 @@ def __repr__(self):
             name=self.name or self.buid, title=self.title
         )
 
+    @with_roles(read={'all'})
     @property
     def pickername(self):
         if self.name:
@@ -696,8 +667,8 @@ def get(cls, name=None, buid=None, defercols=False):
             query = query.options(*cls._defercols)
         return query.one_or_none()
 
-    @classmethod  # NOQA: A003
-    def all(cls, buids=None, names=None, defercols=False):
+    @classmethod
+    def all(cls, buids=None, names=None, defercols=False):  # NOQA: A003
         orgs = []
         if buids:
             query = cls.query.filter(cls.buid.in_(buids))
@@ -725,7 +696,7 @@ class Team(UuidMixin, BaseMixin, db.Model):
     organization = db.relationship(
         Organization,
         primaryjoin=organization_id == Organization.id,
-        backref=db.backref('teams', order_by=title, cascade='all, delete-orphan'),
+        backref=db.backref('teams', order_by=title, cascade='all'),
     )
     users = db.relationship(
         User, secondary=team_membership, lazy='dynamic', backref='teams'
@@ -749,13 +720,13 @@ def permissions(self, user, inherited=None):
 
     @classmethod
     def migrate_user(cls, olduser, newuser):
-        for team in olduser.teams:
+        for team in list(olduser.teams):
             if team not in newuser.teams:
                 # FIXME: This creates new memberships, updating `created_at`.
                 # Unfortunately, we can't work with model instances as in the other
                 # `migrate_user` methods as team_membership is an unmapped table.
                 newuser.teams.append(team)
-        olduser.teams = []
+            db.session.delete(team)
         return [cls.__table__.name, team_membership.name]
 
     @classmethod
@@ -781,7 +752,7 @@ class UserEmail(BaseMixin, db.Model):
     user = db.relationship(
         User,
         primaryjoin=user_id == User.id,
-        backref=db.backref('emails', cascade='all, delete-orphan'),
+        backref=db.backref('emails', cascade='all'),
     )
     _email = db.Column('email', db.Unicode(254), unique=True, nullable=False)
     md5sum = db.Column(db.String(32), unique=True, nullable=False)
@@ -882,7 +853,7 @@ class UserEmailClaim(BaseMixin, db.Model):
     user = db.relationship(
         User,
         primaryjoin=user_id == User.id,
-        backref=db.backref('emailclaims', cascade='all, delete-orphan'),
+        backref=db.backref('emailclaims', cascade='all'),
     )
     _email = db.Column('email', db.Unicode(254), nullable=True, index=True)
     verification_code = db.Column(db.String(44), nullable=False, default=newsecret)
@@ -957,8 +928,8 @@ def get_by(cls, md5sum, verification_code):
             md5sum=md5sum, verification_code=verification_code
         ).one_or_none()
 
-    @classmethod  # NOQA: A003
-    def all(cls, email):
+    @classmethod
+    def all(cls, email):  # NOQA: A003
         """
         Return all UserEmailClaim instances with matching email address.
 
@@ -973,7 +944,7 @@ class UserPhone(BaseMixin, db.Model):
     user = db.relationship(
         User,
         primaryjoin=user_id == User.id,
-        backref=db.backref('phones', cascade='all, delete-orphan'),
+        backref=db.backref('phones', cascade='all'),
     )
     _phone = db.Column('phone', db.UnicodeText, unique=True, nullable=False)
     gets_text = db.Column(db.Boolean, nullable=False, default=True)
@@ -1055,7 +1026,7 @@ class UserPhoneClaim(BaseMixin, db.Model):
     user = db.relationship(
         User,
         primaryjoin=user_id == User.id,
-        backref=db.backref('phoneclaims', cascade='all, delete-orphan'),
+        backref=db.backref('phoneclaims', cascade='all'),
     )
     _phone = db.Column('phone', db.UnicodeText, nullable=False, index=True)
     gets_text = db.Column(db.Boolean, nullable=False, default=True)
@@ -1124,8 +1095,8 @@ def get_for(cls, user, phone):
         """
         return cls.query.filter_by(phone=phone, user=user).one_or_none()
 
-    @classmethod  # NOQA: A003
-    def all(cls, phone):
+    @classmethod
+    def all(cls, phone):  # NOQA: A003
         """
         Return all UserPhoneClaim instances with matching phone number.
 
@@ -1169,7 +1140,7 @@ class UserExternalId(BaseMixin, db.Model):
     user = db.relationship(
         User,
         primaryjoin=user_id == User.id,
-        backref=db.backref('externalids', cascade='all, delete-orphan'),
+        backref=db.backref('externalids', cascade='all'),
     )
     service = db.Column(db.UnicodeText, nullable=False)
     userid = db.Column(db.UnicodeText, nullable=False)  # Unique id (or obsolete OpenID)
@@ -1229,3 +1200,4 @@ def permissions(self, user, inherited=None):
 
 # Tail imports
 from .profile import Profile  # isort:skip
+from .organization_membership import OrganizationMembership  # isort:skip
diff --git a/funnel/models/user_session.py b/funnel/models/user_session.py
index 0ebabd26a..50d207343 100644
--- a/funnel/models/user_session.py
+++ b/funnel/models/user_session.py
@@ -3,10 +3,10 @@
 from datetime import timedelta
 
 from flask import request
-from werkzeug.utils import cached_property
 
-from ua_parser import user_agent_parser
+import user_agents
 
+from baseframe import _
 from coaster.utils import buid as make_buid
 from coaster.utils import utcnow
 
@@ -54,10 +54,7 @@ class UserSession(UuidMixin, BaseMixin, db.Model):
 
     user_id = db.Column(None, db.ForeignKey('user.id'), nullable=False)
     user = db.relationship(
-        User,
-        backref=db.backref(
-            'all_user_sessions', cascade='all, delete-orphan', lazy='dynamic'
-        ),
+        User, backref=db.backref('all_user_sessions', cascade='all', lazy='dynamic')
     )
 
     ipaddr = db.Column(db.String(45), nullable=False)
@@ -81,11 +78,12 @@ def access(self, auth_client=None):
         """
         Mark a session as currently active.
 
-        :param auth_client: For API calls from clients, save the client instead of IP address and User-Agent
+        :param auth_client: For API calls from clients, save the client instead of IP
+            address and User-Agent
         """
         # `accessed_at` will be different from the automatic `updated_at` in one
-        # crucial context: when the session was revoked remotely. `accessed_at` won't
-        # be updated at that time.
+        # crucial context: when the session was revoked from a different session.
+        # `accessed_at` won't be updated at that time.
         self.accessed_at = db.func.utcnow()
         with db.session.no_autoflush:
             if auth_client:
@@ -94,7 +92,8 @@ def access(self, auth_client=None):
                 ):  # self.auth_clients is defined via Client.user_sessions
                     self.auth_clients.append(auth_client)
                 else:
-                    # If we've seen this client in this session before, only update the timestamp
+                    # If we've seen this client in this session before, only update the
+                    # timestamp
                     db.session.execute(
                         auth_client_user_session.update()
                         .where(auth_client_user_session.c.user_session_id == self.id)
@@ -107,9 +106,25 @@ def access(self, auth_client=None):
                 self.ipaddr = request.remote_addr or ''
                 self.user_agent = str(request.user_agent.string[:250]) or ''
 
-    @cached_property
-    def ua(self):
-        return user_agent_parser.Parse(self.user_agent)
+    def user_agent_details(self):
+        ua = user_agents.parse(self.user_agent)
+        return {
+            'browser': (ua.browser.family + ' ' + ua.browser.version_string)
+            if ua.browser.family
+            else _("Unknown browser"),
+            'os_device': ua.os.family
+            + ' '
+            + ua.os.version_string
+            + (
+                ' ('
+                + str(ua.device.brand or '')
+                + ' '
+                + str(ua.device.model or '')
+                + ')'
+                if ua.device.family != 'Other'
+                else ''
+            ),
+        }
 
     @property
     def has_sudo(self):
diff --git a/funnel/models/venue.py b/funnel/models/venue.py
index 6a0f0983f..f7e0df3cc 100644
--- a/funnel/models/venue.py
+++ b/funnel/models/venue.py
@@ -1,8 +1,9 @@
 # -*- coding: utf-8 -*-
 
+from sqlalchemy.ext.associationproxy import association_proxy
 from sqlalchemy.ext.orderinglist import ordering_list
 
-from coaster.sqlalchemy import add_primary_relationship
+from coaster.sqlalchemy import add_primary_relationship, with_roles
 
 from . import BaseScopedNameMixin, CoordinatesMixin, MarkdownColumn, UuidMixin, db
 from .project import Project
@@ -26,13 +27,23 @@ class Venue(UuidMixin, BaseScopedNameMixin, CoordinatesMixin, db.Model):
 
     rooms = db.relationship(
         'VenueRoom',
-        cascade='all, delete-orphan',
+        cascade='all',
         order_by='VenueRoom.seq',
         collection_class=ordering_list('seq', count_from=1),
     )
 
     seq = db.Column(db.Integer, nullable=False)
 
+    project_editors = with_roles(
+        association_proxy('project', 'editors'), grants={'project_editor'}
+    )
+    project_concierges = with_roles(
+        association_proxy('project', 'concierges'), grants={'project_concierge'}
+    )
+    project_ushers = with_roles(
+        association_proxy('project', 'ushers'), grants={'project_usher'}
+    )
+
     __table_args__ = (db.UniqueConstraint('project_id', 'name'),)
 
     __roles__ = {
@@ -88,6 +99,16 @@ class VenueRoom(UuidMixin, BaseScopedNameMixin, db.Model):
         primaryjoin='and_(Session.venue_room_id == VenueRoom.id, Session.scheduled)',
     )
 
+    project_editors = with_roles(
+        association_proxy('venue', 'project_editors'), grants={'project_editor'}
+    )
+    project_concierges = with_roles(
+        association_proxy('venue', 'project_concierges'), grants={'project_concierge'}
+    )
+    project_ushers = with_roles(
+        association_proxy('venue', 'project_ushers'), grants={'project_usher'}
+    )
+
     __table_args__ = (db.UniqueConstraint('venue_id', 'name'),)
 
     __roles__ = {
diff --git a/funnel/static/css/app.css b/funnel/static/css/app.css
index bedb0fa05..da2c2e472 100644
--- a/funnel/static/css/app.css
+++ b/funnel/static/css/app.css
@@ -216,6 +216,11 @@ html.touch .collapsible__body--disable {
   margin-bottom: 10px;
 }
 
+.full-width-btn {
+  width: 100%;
+  margin: 0;
+}
+
 .past-events-table {
   border-collapse: collapse;
 }
@@ -1319,6 +1324,78 @@ html.touch .collapsible__body--disable {
   margin-left: 5px;
 }
 
+.modal-form-page .jquery-modal.blocker.current {
+  padding: 0;
+}
+
+.modal-form {
+  min-width: 100%;
+  min-height: 325px;
+  height: 100%;
+  border-radius: 0;
+}
+.modal-form .modal-form__action-box {
+  padding: 20px;
+  position: absolute;
+  bottom: 0;
+  right: 0;
+  left: 0;
+  border-top: 1px solid rgba(132, 146, 166, 0.3);
+  border-bottom: 1px solid rgba(132, 146, 166, 0.3);
+  z-index: 1002;
+}
+.modal-form .modal-form__action-box--revoke {
+  position: absolute;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  padding: 20px;
+}
+.modal-form .modal-form__action-box--revoke .mui-btn.mui-btn--nostyle {
+  text-transform: none;
+}
+.modal-form .mui-form .form-actions {
+  position: absolute;
+  bottom: 0;
+  right: 0;
+  padding: 15px;
+  z-index: 1003;
+}
+
+.modal-form.modal-form--edit .modal-form__action-box,
+.modal-form.modal-form--edit .mui-form .form-actions {
+  bottom: 65px;
+}
+
+@media (min-width: 768px) {
+  .modal-form {
+    min-width: 50%;
+    min-height: 450px;
+    height: auto;
+    border-radius: 4px;
+  }
+}
+.search {
+  width: 100%;
+  margin: 0 0 10px;
+  padding: 0 10px;
+  border: 1px solid rgba(132, 146, 166, 0.3);
+  border-radius: 2px;
+}
+.search .mui-textfield {
+  padding: 0;
+  margin: 0;
+  height: 36px;
+}
+.search .mui-textfield > input {
+  border-bottom: 0;
+}
+
+@media (min-width: 1200px) {
+  .search.search--50 {
+    width: 50%;
+  }
+}
 .badge-print-status-btn .mui-form__fields.select2-inline {
   min-width: 160px;
 }
@@ -1908,6 +1985,10 @@ html.touch .collapsible__body--disable {
   text-decoration: none;
 }
 
+.card--new--padding {
+  padding: 10px;
+}
+
 .card--small {
   max-width: 400px;
 }
@@ -3365,6 +3446,121 @@ body > .proposal-box.ui-draggable {
   display: block !important;
 }
 
+@media (min-width: 768px) {
+  .membership-wrapper {
+    width: 50%;
+    float: left;
+  }
+
+  .membership-wrapper + .membership-wrapper {
+    padding-left: 15px;
+  }
+}
+.membership-wrapper__filter {
+  margin-top: 10px;
+  clear: both;
+}
+
+.membership-wrapper__info {
+  background: white;
+  margin: 10px -15px -15px;
+  padding: 15px;
+  clear: both;
+}
+
+.content-box {
+  padding: 15px;
+  background-color: #f6e2c5;
+  color: #906b37;
+  cursor: pointer;
+  margin-bottom: 15px;
+}
+
+@media (min-width: 768px) {
+  .content-box {
+    cursor: auto;
+  }
+}
+.membership-wrapper__members .membership-wrapper__members__collapsible__header {
+  margin: 5px 0 0;
+  width: 100%;
+  background: #eff2f7;
+  padding: 15px;
+  cursor: pointer;
+}
+.membership-wrapper__members .membership-wrapper__members__list {
+  border-bottom: 1px solid #ddd;
+  cursor: pointer;
+  padding: 5px 15px 15px;
+}
+.membership-wrapper__members
+  .membership-wrapper__members__list
+  .membership-wrapper__members__list__roles {
+  display: inline-block;
+  text-align: right;
+  float: right;
+}
+.membership-wrapper__members
+  .membership-wrapper__members__list
+  .membership-wrapper__members__list__roles__role {
+  display: none;
+  color: #4a90e2;
+}
+.membership-wrapper__members
+  .membership-wrapper__members__list
+  .membership-wrapper__members__list__roles__role:first-child {
+  display: block;
+}
+.membership-wrapper__members .membership-wrapper__members__list:last-child {
+  border: none;
+}
+.membership-wrapper__members .membership-wrapper__members__list--viewonly {
+  cursor: default;
+}
+.membership-wrapper__members .membership-wrapper__members__list--nomargin {
+  margin: 0 auto;
+}
+
+@media (min-width: 1200px) {
+  .membership-wrapper__members
+    .membership-wrapper__members__list
+    .membership-wrapper__members__list__roles__role {
+    display: inline-block !important;
+  }
+  .membership-wrapper__members
+    .membership-wrapper__members__list
+    .membership-wrapper__members__list__roles__count {
+    display: none;
+  }
+}
+.slide-fade-enter-active {
+  transition: all 0.1s ease-in;
+}
+
+.slide-fade-leave-active {
+  transition: all 0.1s ease-in;
+}
+
+.slide-fade-enter,
+.slide-fade-leave-to {
+  transform: translateY(10px);
+  opacity: 0;
+}
+
+.modal-form--edit .select2.select2-container {
+  display: none !important;
+}
+.modal-form--edit .select2-hidden-accessible {
+  background-color: #eee;
+  cursor: not-allowed;
+  height: 32px !important;
+  position: relative !important;
+}
+.modal-form--edit .mui-select:focus > label,
+.modal-form--edit .mui-select > select:focus ~ label {
+  color: rgba(0, 0, 0, 0.54);
+}
+
 .footer {
   padding-bottom: 50px;
   margin-top: 0;
diff --git a/funnel/static/sass/_card.scss b/funnel/static/sass/_card.scss
index be451e7f5..8673762f4 100644
--- a/funnel/static/sass/_card.scss
+++ b/funnel/static/sass/_card.scss
@@ -546,6 +546,10 @@
   }
 }
 
+.card--new--padding {
+  padding: 10px;
+}
+
 .card--small {
   max-width: 400px;
 }
diff --git a/funnel/static/sass/_form.scss b/funnel/static/sass/_form.scss
index 3ec9718c9..68fd3bdf1 100644
--- a/funnel/static/sass/_form.scss
+++ b/funnel/static/sass/_form.scss
@@ -191,6 +191,89 @@
   margin-left: 5px;
 }
 
+.modal-form-page .jquery-modal.blocker.current {
+  padding: 0;
+}
+
+.modal-form {
+  min-width: 100%;
+  min-height: 325px;
+  height: 100%;
+  border-radius: 0;
+
+  .modal-form__action-box {
+    padding: 20px;
+    position: absolute;
+    bottom: 0;
+    right: 0;
+    left: 0;
+    border-top: 1px solid rgba(132, 146, 166, 0.3);
+    border-bottom: 1px solid rgba(132, 146, 166, 0.3);
+    z-index: 1002;
+  }
+
+  .modal-form__action-box--revoke {
+    position: absolute;
+    left: 0;
+    right: 0;
+    bottom: 0;
+    padding: 20px;
+
+    .mui-btn.mui-btn--nostyle {
+      text-transform: none;
+    }
+  }
+
+  .mui-form {
+    .form-actions {
+      position: absolute;
+      bottom: 0;
+      right: 0;
+      padding: 15px;
+      z-index: 1003;
+    }
+  }
+}
+
+.modal-form.modal-form--edit {
+  .modal-form__action-box,
+  .mui-form .form-actions {
+    bottom: 65px;
+  }
+}
+
+@media (min-width: 768px) {
+  .modal-form {
+    min-width: 50%;
+    min-height: 450px;
+    height: auto;
+    border-radius: 4px;
+  }
+}
+
+.search {
+  width: 100%;
+  margin: 0 0 10px;
+  padding: 0 10px;
+  border: 1px solid rgba(132, 146, 166, 0.3);
+  border-radius: 2px;
+
+  .mui-textfield {
+    padding: 0;
+    margin: 0;
+    height: 36px;
+  }
+  .mui-textfield > input {
+    border-bottom: 0;
+  }
+}
+
+@media (min-width: 1200px) {
+  .search.search--50 {
+    width: 50%;
+  }
+}
+
 .badge-print-status-btn .mui-form__fields.select2-inline {
   min-width: 160px;
 }
diff --git a/funnel/static/sass/_layout.scss b/funnel/static/sass/_layout.scss
index efce2b345..58feffd3d 100644
--- a/funnel/static/sass/_layout.scss
+++ b/funnel/static/sass/_layout.scss
@@ -221,6 +221,11 @@ html.touch .collapsible__body--disable {
   margin-bottom: 10px;
 }
 
+.full-width-btn {
+  width: 100%;
+  margin: 0;
+}
+
 .past-events-table {
   border-collapse: collapse;
 
diff --git a/funnel/static/sass/_membership.scss b/funnel/static/sass/_membership.scss
new file mode 100644
index 000000000..1e86f6b03
--- /dev/null
+++ b/funnel/static/sass/_membership.scss
@@ -0,0 +1,118 @@
+@media (min-width: 768px) {
+  .membership-wrapper {
+    width: 50%;
+    float: left;
+  }
+  .membership-wrapper + .membership-wrapper {
+    padding-left: 15px;
+  }
+}
+
+.membership-wrapper__filter {
+  margin-top: 10px;
+  clear: both;
+}
+
+.membership-wrapper__info {
+  background: white;
+  margin: 10px -15px -15px;
+  padding: 15px;
+  clear: both;
+}
+
+.content-box {
+  padding: 15px;
+  background-color: #f6e2c5;
+  color: #906b37;
+  cursor: pointer;
+  margin-bottom: 15px;
+}
+
+@media (min-width: 768px) {
+  .content-box {
+    cursor: auto;
+  }
+}
+
+.membership-wrapper__members {
+  .membership-wrapper__members__collapsible__header {
+    margin: 5px 0 0;
+    width: 100%;
+    background: #eff2f7;
+    padding: 15px;
+    cursor: pointer;
+  }
+
+  .membership-wrapper__members__list {
+    border-bottom: 1px solid #ddd;
+    cursor: pointer;
+    padding: 5px 15px 15px;
+
+    .membership-wrapper__members__list__roles {
+      display: inline-block;
+      text-align: right;
+      float: right;
+    }
+
+    .membership-wrapper__members__list__roles__role {
+      display: none;
+      color: #4a90e2;
+    }
+    .membership-wrapper__members__list__roles__role:first-child {
+      display: block;
+    }
+  }
+
+  .membership-wrapper__members__list:last-child {
+    border: none;
+  }
+
+  .membership-wrapper__members__list--viewonly {
+    cursor: default;
+  }
+
+  .membership-wrapper__members__list--nomargin {
+    margin: 0 auto;
+  }
+}
+
+@media (min-width: 1200px) {
+  .membership-wrapper__members {
+    .membership-wrapper__members__list {
+      .membership-wrapper__members__list__roles__role {
+        display: inline-block !important;
+      }
+      .membership-wrapper__members__list__roles__count {
+        display: none;
+      }
+    }
+  }
+}
+
+.slide-fade-enter-active {
+  transition: all 0.1s ease-in;
+}
+.slide-fade-leave-active {
+  transition: all 0.1s ease-in;
+}
+.slide-fade-enter,
+.slide-fade-leave-to {
+  transform: translateY(10px);
+  opacity: 0;
+}
+
+.modal-form--edit {
+  .select2.select2-container {
+    display: none !important;
+  }
+  .select2-hidden-accessible {
+    background-color: #eee;
+    cursor: not-allowed;
+    height: 32px !important;
+    position: relative !important;
+  }
+  .mui-select:focus > label,
+  .mui-select > select:focus ~ label {
+    color: rgba(0, 0, 0, 0.54);
+  }
+}
diff --git a/funnel/static/sass/app.scss b/funnel/static/sass/app.scss
index 74b17c79e..e7289370c 100644
--- a/funnel/static/sass/app.scss
+++ b/funnel/static/sass/app.scss
@@ -15,5 +15,6 @@
 @import 'label';
 @import 'search';
 @import 'contacts';
+@import 'membership';
 @import 'footer';
 @import 'lastuser';
diff --git a/funnel/templates/account.html.jinja2 b/funnel/templates/account.html.jinja2
index 2d50dca79..cf9985fe9 100644
--- a/funnel/templates/account.html.jinja2
+++ b/funnel/templates/account.html.jinja2
@@ -160,18 +160,29 @@
       <div class="grid__col-xs-12">
         <div class="card">
           <div class="card__header">
-            <h3 class="mui--text-title mui--text-bold">{% trans %}My sessions{% endtrans %}</h3>
+            <h3 class="mui--text-title mui--text-bold">{% trans %}Login sessions{% endtrans %}</h3>
           </div>
           <div class="card__body">
             <ul class="mui-list--aligned mui-list--unstyled mui--text-subhead mui-list--border">
               {%- for user_session in current_auth.user.active_sessions %}
-                <li>From {{ user_session.ipaddr }} since {{ user_session.created_at|age }} with {{ user_session.ua['user_agent']['family']}} {{ user_session.ua['user_agent']['major'] }} on {{ user_session.ua['os']['family'] }} {{ user_session.ua['os']['major'] }}.{{ user_session.ua['os']['minor'] }}, last active {{ user_session.accessed_at|age }}
-                {% if user_session == current_auth.session -%}
+              {%- with ua=user_session.user_agent_details() %}
+                <li>
+                  {%- trans
+                      ipaddr=user_session.ipaddr,
+                      user_agent=user_session.user_agent,
+                      since=user_session.created_at|age,
+                      browser=ua['browser'],
+                      os_device=ua['os_device'],
+                      last_active=user_session.accessed_at|age -%}
+                    From {{ ipaddr }} since {{ since }} with <span title="{{ user_agent }}">{{ browser }} on {{ os_device }}</span>, last active {{ last_active }}
+                {%- endtrans %}
+                {%- if user_session == current_auth.session %}
                   {% trans %}(current){% endtrans %}
-                {%- else -%}
+                {%- else %}
                   <a href="{{ url_for('logout_session', user_session=user_session.buid) }}" title="logout">{% trans %}(logout){% endtrans %}</a>
-                {%- endif %}
+                {%- endif -%}
                 </li>
+              {%- endwith %}
               {%- endfor %}
             </ul>
           </div>
diff --git a/funnel/templates/admin.html.jinja2 b/funnel/templates/admin.html.jinja2
index 7a3c0b6db..fa77107c6 100644
--- a/funnel/templates/admin.html.jinja2
+++ b/funnel/templates/admin.html.jinja2
@@ -25,12 +25,12 @@
         <ol class="mui-list--aligned">
           {%- for event in events %}
             <li>
-              <a href="{{ event.url_for('view') }}" class="mui--text-subhead" data-cy="{{ event.title }}" data-action="View {{ event.title }}">{{ event.title }}</a>{%- if project.current_roles.admin %}&nbsp;<a href="{{ event.url_for('edit') }}" aria-label="{% trans %}Edit{% endtrans %}"  data-action="edit {{ event.title }}">{{ faicon(icon='edit', icon_size='subhead') }}</a>{%- endif %}
+              <a href="{{ event.url_for('view') }}" class="mui--text-subhead" data-cy="{{ event.title }}" data-action="View {{ event.title }}">{{ event.title }}</a>{%- if project.current_roles.concierge %}&nbsp;<a href="{{ event.url_for('edit') }}" aria-label="{% trans %}Edit{% endtrans %}"  data-action="edit {{ event.title }}">{{ faicon(icon='edit', icon_size='subhead') }}</a>{%- endif %}
             </li>
           {%- endfor %}
         </ol>
       </div>
-      {%- if project.current_roles.admin %}
+      {%- if project.current_roles.concierge %}
       <div class="mui-divider"></div>
       <div class="card__footer">
         <a href="{{ project.url_for('new_event') }}" class="mui-btn mui-btn--small mui-btn--flat mui-btn--primary" data-cy="new-event">{% trans %}New event{% endtrans %}</a>
@@ -42,7 +42,7 @@
     </div>
   </div>
 
- {%- if project.current_roles.admin %}
+ {%- if project.current_roles.concierge %}
   <div class="grid__col-xs-12 grid__col-sm-6 grid__col-md-4">
     <div class="card">
       <div class="card__header">
@@ -52,17 +52,15 @@
         <ol class="mui-list--aligned">
           {%- for ticket_type in project.ticket_types -%}
             <li data-cy-ticket="{{ ticket_type.title }}">
-              <a href="{{ ticket_type.url_for() }}" class="mui--text-subhead" data-action="View {{ ticket_type.title }}">{{ ticket_type.title }}</a>{%- if project.current_roles.admin %}&nbsp;<a href="{{ ticket_type.url_for('edit') }}" aria-label="{% trans %}Edit{% endtrans %}" data-cy="ticket-edit"  data-action="edit {{ ticket_type.title }}">{{ faicon(icon='edit', icon_size='subhead') }}</a>{%- endif %}
+              <a href="{{ ticket_type.url_for() }}" class="mui--text-subhead" data-action="View {{ ticket_type.title }}">{{ ticket_type.title }}</a>{%- if project.current_roles.concierge %}&nbsp;<a href="{{ ticket_type.url_for('edit') }}" aria-label="{% trans %}Edit{% endtrans %}" data-cy="ticket-edit"  data-action="edit {{ ticket_type.title }}">{{ faicon(icon='edit', icon_size='subhead') }}</a>{%- endif %}
             </li>
           {%- endfor %}
         </ol>
       </div>
-      {%- if project.current_roles.admin %}
       <div class="mui-divider"></div>
       <div class="card__footer">
         <a href="{{ project.url_for('new_ticket_type') }}" class="mui-btn mui-btn--small mui-btn--flat mui-btn--primary">{% trans %}New ticket{% endtrans %}</a>
       </div>
-      {%- endif %}
     </div>
   </div>
 
@@ -76,7 +74,7 @@
         <ol class="mui-list--aligned">
           {%- for client in project.ticket_clients %}
             <li>
-              <span class="mui--text-subhead">{{client.name}}</span>{%- if project.current_roles.admin %}&nbsp;<a href="{{ client.url_for('edit') }}" aria-label="{% trans %}Edit{% endtrans %}"  data-action="Edit {{ client.name }}">{{ faicon(icon='edit', icon_size='subhead') }}</a>{%- endif %}
+              <span class="mui--text-subhead">{{client.name}}</span>{%- if project.current_roles.concierge %}&nbsp;<a href="{{ client.url_for('edit') }}" aria-label="{% trans %}Edit{% endtrans %}"  data-action="Edit {{ client.name }}">{{ faicon(icon='edit', icon_size='subhead') }}</a>{%- endif %}
             </li>
           {%- endfor %}
         </ol>
diff --git a/funnel/templates/comments.html.jinja2 b/funnel/templates/comments.html.jinja2
index 23dc05e1c..481cc26a6 100644
--- a/funnel/templates/comments.html.jinja2
+++ b/funnel/templates/comments.html.jinja2
@@ -39,8 +39,10 @@
           <div data-id="{{ comment.uuid_b58 }}" data-delete-url="{{ document.url_for('delete_comment', comment=comment) }}" class="comment--footer">
             {% if not comment.state.DELETED %}
               {% if current_auth %}<a aria-label="{% trans %}Reply{% endtrans %}" class="mui--text-menu mui--text-accent js-comment-reply" href="#c{{ comment.uuid_b58 }}">[Reply]</a>{% endif %}
-              {% if comment.current_permissions.edit_comment %}<a aria-label="{% trans %}Edit{% endtrans %}" class="mui--text-menu mui--text-accent js-comment-edit" href="#c{{ comment.uuid_b58 }}">[{% trans %}Edit{% endtrans %}]</a>{% endif %}
-              {% if comment.current_permissions.delete_comment %}<a aria-label="{% trans %}Delete{% endtrans %}" class="mui--text-menu mui--text-accent js-comment-delete" href="#c{{ comment.uuid_b58 }}">[{% trans %}Delete{% endtrans %}]</a>{% endif %}
+              {% if comment.current_roles.author %}
+                <a aria-label="{% trans %}Edit{% endtrans %}" class="mui--text-menu mui--text-accent js-comment-edit" href="#c{{ comment.uuid_b58 }}">{% trans %}[Edit]{% endtrans %}</a>
+                <a aria-label="{% trans %}Delete{% endtrans %}" class="mui--text-menu mui--text-accent js-comment-delete" href="#c{{ comment.uuid_b58 }}">{% trans %}[Delete]{% endtrans %}</a>
+              {%- endif %}
             {%- endif %}
             <a aria-label="Permalink" class="mui--text-menu mui--text-accent comment--permalink" href="#c{{ comment.uuid_b58 }}">[{% trans %}Link{% endtrans %}]</a>
             {% if comment.parent %}<a aria-label="{% trans %}Parent{% endtrans %}" class="mui--text-menu mui--text-accent comment--parent" href="#c{{ comment.parent.uuid_b58 }}">[{% trans %}Parent{% endtrans %}]</a>{% endif %}
diff --git a/funnel/templates/event.html.jinja2 b/funnel/templates/event.html.jinja2
index f3eeac9e5..93df86fd8 100644
--- a/funnel/templates/event.html.jinja2
+++ b/funnel/templates/event.html.jinja2
@@ -82,7 +82,7 @@
               <td class='js-searchable' data-th="Company">{{ company }}</td>
               <td class='buttongrp-column'>
                 <ul class="mui-list--unstyled">
-                  {{#if isAdmin || isConcierge}}
+                  {{#if isUsher || isConcierge}}
                   <li>
                     <a href="{{ badge_url }}" {{#badge_printed}} class="mui-btn mui-btn--small mui-btn--raised mui-btn--accent" {{/badge_printed}} {{^badge_printed}} class="mui-btn mui-btn--small mui-btn--raised mui-btn--default" {{/badge_printed}} target="_blank" data-cy="show-badge">Show badge</a>
                   </li>
@@ -103,7 +103,7 @@
                       {{/if}}
                     </form>
                   </li>
-                  {{#if isAdmin}}
+                  {{#if isConcierge}}
                   <li>
                     <a href="{{ edit_url }}" class="mui--text-hyperlink" target="_blank" data-cy="edit-attendee-details">Edit attendee details</a>
                   </li>
@@ -124,7 +124,6 @@
 <script src="{{ url_for('static', filename=asset_path('event')) }}" type="text/javascript"></script>
 <script type="text/javascript">
   $(document).ready(function() {
-
     /* Check-in scenarios:
     1. A participant is checked-in & Internet is available. Also verify for cancel check-in and multiple participants check-in.
     2. A participant is checked-in & Internet is down.
@@ -136,23 +135,19 @@
     8. There are two check-in counters & both counter's internet is down: They checked-in few same participants. Verify both counters have the recent check-in status of participants, once internet is up.
     8. There are two check-in counters & one counters has internet and the other counter doesn't: They have checked-in different participants. Verify both counters have the recent check-in status of participants, once internet is up.
     9. There are two check-in counters & one counters has internet and the other counter doesn't: They have checked-in few same participants. Verify both counters have the recent check-in status of participants, once internet is up.*/
-
     var eventConfig = {};
     eventConfig.checkin = {
-      isAdmin: {%- if project.current_roles.admin %} true {% else %} false {%- endif %},
-      isConcierge: {%- if current_auth.permissions.checkin_event %} true {% else %} false {%- endif %},
+      isConcierge: {%- if project.current_roles.concierge %} true {% else %} false {%- endif %},
+      isUsher: {%- if project.current_roles.usher %} true {% else %} false {%- endif %},
       checkinUrl: "{{ event.url_for('checkin') }}",
       participantlistUrl: "{{ event.url_for('participants_json') }}",
       eventName: "{{ project.name }}" + "-" + "{{event.title}}".replace(/ /g,'-'),
     };
-
     eventConfig.search = {
       tableId: 'participants-table',
       inputId: 'search'
     };
-
     HasGeek.EventInit(eventConfig);
-
     //If there is no network, display a confirmation dialog when user closes/reloades the page
     window.onbeforeunload = function() {
       if (!navigator.onLine) {
@@ -161,7 +156,6 @@
         return true;
       }
     };
-
     $('#badge_form').on("submit", function() {
       if ($('#badge_form select.field-badge_printed').val() === '') {
         return false;
@@ -169,7 +163,6 @@
         return window.confirm('Are you sure? Selected action will apply to all listed participants.');
       }
     });
-
   });
 </script>
 {% endblock %}
diff --git a/funnel/templates/funnelindex.html.jinja2 b/funnel/templates/funnelindex.html.jinja2
index 07b34354e..aa146bfdc 100644
--- a/funnel/templates/funnelindex.html.jinja2
+++ b/funnel/templates/funnelindex.html.jinja2
@@ -79,7 +79,7 @@
   <div class="grid">
     <div class="grid__col-sm-12">
       <p class="mui--text-headline">{% trans %}There are no projects at this time.{% endtrans %}
-        {% if current_auth.permissions.new_project %}<a href="{{ g.profile.url_for('new_project') }}">{% trans %}Create one{% endtrans %}</a>.{% endif %}
+        {% if g.profile and g.profile.current_roles.admin %}<a href="{{ g.profile.url_for('new_project') }}">{% trans %}Create one{% endtrans %}</a>.{% endif %}
       </p>
     </div>
   </div>
diff --git a/funnel/templates/index.html.jinja2 b/funnel/templates/index.html.jinja2
index ce0235292..6d8aaa811 100644
--- a/funnel/templates/index.html.jinja2
+++ b/funnel/templates/index.html.jinja2
@@ -2,7 +2,7 @@
 {% block title %}{% if profile %}{{ profile.title }}{% else %}{{ config['SITE_TITLE'] }}{% endif %}{% endblock %}
 {% from "baseframe/components.html.jinja2" import faicon %}
 {%- from "macros.html.jinja2" import calendarwidget, saveprojectform %}
-{% block description %}{% if profile %}{{ profile.description.html|firstline }}{% else %}{% trans %}HasGeek creates discussion spaces for geeks. Meet like-minded people, learn new things and discover new opportunities.{% endtrans %}{% endif %}{% endblock %}
+
 
 {%- block pageheaders %}
 <link rel="search" type="application/opensearchdescription+xml" href="{{ url_for('opensearch') }}" title="{{ config['SITE_TITLE'] }}" />
@@ -51,13 +51,19 @@
     <div class="mui-container">
       <div class="grid hg-banner mui--bg-accent">
         <div class="grid__col-12">
-          <div class="profile-details profile-details--center">
+          <a class="profile-details profile-details--center" href="{{ g.profile.url_for() }}">
             {%- if profile.logo_url.url %}
               <span class="profile-details__logo-wrapper"><img class="profile-details__logo_wrapper__logo" src="{{ profile.logo_url }}" alt="{{ profile.title }}"/></span>
             {% endif %}
             <h2 class="mui--text-display1 mui--text-bold" data-cy="profile-title">{{ profile.title }}</h2>
-          </div>
+          </a>
           <div class="mui--text-headline">{{ profile.description.html }}</div>
+          {%- if profile.current_roles.owner or  profile.current_roles.admin %}
+          <p>
+            <a class="mui-btn mui-btn--primary mui-btn--raised" data-cy-btn="profile-crew" href="{{ g.profile.url_for('membership') }}">{%- if profile.current_roles.owner %}{% trans %}Add crew{% endtrans %}{% elif profile.current_roles.admin %}{% trans %}View crew{% endtrans %}{% endif %}</a>
+            <a class="mui-btn mui-btn--secondary mui-btn--raised" data-cy-btn="edit-details" href="{{ g.profile.url_for('edit') }}">{% trans %}Edit details{% endtrans %}</a>
+          </p>
+          {% endif %}
           <div class="mui-divider mui-divider--banner"></div>
         </div>
       </div>
@@ -245,7 +251,7 @@
     </div>
   {% endif %}
 
-  {%- if profile and current_auth.permissions.new_project %}
+  {%- if profile and (profile.current_roles.admin or profile.current_roles.editor or profile.current_roles.concierge) %}
     <div class="projects-wrapper">
       <div class="mui-container">
         <div class="grid">
@@ -254,49 +260,51 @@
           </div>
         </div>
         <ul class="grid projects" role="list">
-          <li class="grid__col-12 grid__col-xs-12 grid__col-sm-6 grid__col-lg-4" role="listitem">
-            <a class="card card--upcoming card--new clickable-card" href="{{ g.profile.url_for('new_project')}}" aria-label="Create new project" data-cy="new-project" data-action="Add new project">
-              <div class="card__image-wrapper">
-                <img class="card__image" src="{{ url_for('static', filename='img/card-background.png') }}" alt="new"/>
-                <p class="card__image-wrapper__icon-wrapper">{{ faicon(icon='plus', icon_size='display1', css_class='mui--align-middle card__image-wrapper__icon-wrapper__icon') }}</p>
-              </div>
-              <div class="card__body">
-                <h4 class="mui--text-headline mui--text-bold">{% trans %}Start a project{% endtrans %}</h4>
-                <p class="mui--text-subhead mui--text-light zero-top-margin"">{% trans %}Write, collaborate and get feedback.{% endtrans %}</p>
-              </div>
-              <div class="mui-divider"></div>
-              <div class="card__footer">
-                <p class="mui-btn mui-btn--small mui-btn--flat mui-btn--accent">{% trans %}Start project{% endtrans %}</p>
-              </div>
-            </a>
-          </li>
-        {% if draft_projects %}
-          {% for project in draft_projects %}
-            <li class="grid__col-12 grid__col-xs-12 grid__col-sm-6 grid__col-lg-4 js-draft-projects {% if loop.index > 2 %}mui--hide{% endif %}" role="listitem">
-              <a class="card card--upcoming clickable-card" href="{{ project.url_for() }}" aria-label="{{ project.title }}" data-cy-project="{{ project.title }}" data-action="View {{ project.title }}(drafts)">
+          {%- if profile.current_roles.admin %}
+            <li class="grid__col-12 grid__col-xs-12 grid__col-sm-6 grid__col-lg-4" role="listitem">
+              <a class="card card--upcoming card--new clickable-card" href="{{ g.profile.url_for('new_project')}}" aria-label="Create new project" data-cy="new-project" data-action="Add new project">
                 <div class="card__image-wrapper">
-                  {% if project.bg_image.url %}
-                    <img class="card__image js-lazyload-img" data-src="{{ project.bg_image }}" alt="{{ project.title }}"/>
-                    <noscript>
-                      <img class="card__image" src="{{ project.bg_image }}" alt="{{ project.title }}"/>
-                    </noscript>
-                  {% else %}
-                    <img class="card__image" src="{{ url_for('static', filename='img/card-background.png') }}" alt="{{ project.title }}"/>
-                    <p class="card__image__tagline mui--text-body1">{{ project.title }}</p>
-                  {% endif %}
+                  <img class="card__image" src="{{ url_for('static', filename='img/card-background.png') }}" alt="new"/>
+                  <p class="card__image-wrapper__icon-wrapper">{{ faicon(icon='plus', icon_size='display1', css_class='mui--align-middle card__image-wrapper__icon-wrapper__icon') }}</p>
                 </div>
                 <div class="card__body">
-                  {% if project.calendar_weeks_compact.weeks and project.calendar_weeks_compact.weeks|length > 0 %}
-                    <div aria-label="{{ project.datelocation }}">
-                      {{ calendarwidget(project.calendar_weeks_compact) }}
-                    </div>
-                  {% endif %}
-                  <h3 class="card__body__title {% if not project.calendar_weeks_compact.weeks %} card__body__title--smaller {% endif %} js-truncate" data-truncate-lines="3"><span class="mui--text-bold">{{ project.title_inline }}</span> <span class="mui--text-light">{{ project.tagline }}</span></h3>
-                  <p class="card__body__location">{% if project.primary_venue %}{{ faicon(icon='map-marker-alt', icon_size='caption', baseline=false) }} {% if project.primary_venue.city %}{{ project.primary_venue.city }}{% else %}{{ project.primary_venue.title }}{% endif %}{% endif %}</p>
+                  <h4 class="mui--text-headline mui--text-bold">{% trans %}Start a project{% endtrans %}</h4>
+                  <p class="mui--text-subhead mui--text-light zero-top-margin"">{% trans %}Write, collaborate and get feedback.{% endtrans %}</p>
+                </div>
+                <div class="mui-divider"></div>
+                <div class="card__footer">
+                  <p class="mui-btn mui-btn--small mui-btn--flat mui-btn--accent">{% trans %}Start project{% endtrans %}</p>
                 </div>
               </a>
             </li>
-          {%- endfor -%}
+          {% endif %}
+          {% if draft_projects %}
+            {% for project in draft_projects %}
+              <li class="grid__col-12 grid__col-xs-12 grid__col-sm-6 grid__col-lg-4 js-draft-projects {% if loop.index > 2 %}mui--hide{% endif %}" role="listitem">
+                <a class="card card--upcoming clickable-card" href="{{ project.url_for() }}" aria-label="{{ project.title }}" data-cy-project="{{ project.title }}" data-action="View {{ project.title }}(drafts)">
+                  <div class="card__image-wrapper">
+                    {% if project.bg_image.url %}
+                      <img class="card__image js-lazyload-img" data-src="{{ project.bg_image }}" alt="{{ project.title }}"/>
+                      <noscript>
+                        <img class="card__image" src="{{ project.bg_image }}" alt="{{ project.title }}"/>
+                      </noscript>
+                    {% else %}
+                      <img class="card__image" src="{{ url_for('static', filename='img/card-background.png') }}" alt="{{ project.title }}"/>
+                      <p class="card__image__tagline mui--text-body1">{{ project.title }}</p>
+                    {% endif %}
+                  </div>
+                  <div class="card__body">
+                    {% if project.calendar_weeks_compact.weeks and project.calendar_weeks_compact.weeks|length > 0 %}
+                      <div aria-label="{{ project.datelocation }}">
+                        {{ calendarwidget(project.calendar_weeks_compact) }}
+                      </div>
+                    {% endif %}
+                    <h3 class="card__body__title {% if not project.calendar_weeks_compact.weeks %} card__body__title--smaller {% endif %} js-truncate" data-truncate-lines="3"><span class="mui--text-bold">{{ project.title_inline }}</span> <span class="mui--text-light">{{ project.tagline }}</span></h3>
+                    <p class="card__body__location">{% if project.primary_venue %}{{ faicon(icon='map-marker-alt', icon_size='caption', baseline=false) }} {% if project.primary_venue.city %}{{ project.primary_venue.city }}{% else %}{{ project.primary_venue.title }}{% endif %}{% endif %}</p>
+                  </div>
+                </a>
+              </li>
+            {%- endfor -%}
           </ul>
           {% if draft_projects|length > 3 %}
             <div class="mui--text-center">
diff --git a/funnel/templates/labels.html.jinja2 b/funnel/templates/labels.html.jinja2
index 8faa937a9..97c5117f0 100644
--- a/funnel/templates/labels.html.jinja2
+++ b/funnel/templates/labels.html.jinja2
@@ -81,7 +81,7 @@
         event.preventDefault();
         var btnTitle = $(this).attr('title').toLowerCase();
         var url = $(this).attr('href');
-        var text = "Are you sure you want to " + btnTitle;
+        var text = "Are you sure you want to " + btnTitle + "?";
         var csrftoken = 'csrf_token=' + document.head.querySelector("[name=csrf-token]").content;
         if(window.confirm(text)) {
           $.ajax({
diff --git a/funnel/templates/layout.html.jinja2 b/funnel/templates/layout.html.jinja2
index 4b96d04be..36a580958 100644
--- a/funnel/templates/layout.html.jinja2
+++ b/funnel/templates/layout.html.jinja2
@@ -44,7 +44,7 @@
   {% endif -%}
 {%- endblock %}
 
-{%- block font_icons %}{%- endblock %}
+
 
 {%- block layoutheaders %}
   {%- if not config['LEGACY'] -%}
diff --git a/funnel/templates/macros.html.jinja2 b/funnel/templates/macros.html.jinja2
index c3bbcf056..fcc675926 100644
--- a/funnel/templates/macros.html.jinja2
+++ b/funnel/templates/macros.html.jinja2
@@ -190,13 +190,14 @@
       {%- if project.primary_venue -%}
         <a class="sub-navbar__item mui--text-subhead mui--text-light {% if current_page == 'project' %}js-smooth-scroll js-samepage{%- endif %}" href="{%- if current_page != 'project' -%}{{ project.url_for() }}{%- endif %}#venue" data-action="Venue(navbar)" data-cy-navbar="venue">{% trans %}Venue{% endtrans %} <span class="sub-navbar__item__icon mui--pull-right">{{ faicon(icon='chevron-right', icon_size='subhead') }}</span></a>
       {%- endif %}
-      {%- if project.current_roles.admin or not project.cfp_state.NONE -%}
+      {%- if project.current_roles.editor or not project.cfp_state.NONE -%}
         <a class="sub-navbar__item mui--text-subhead mui--text-light {% if current_page == 'proposals' %}js-smooth-scroll js-samepage{%- endif %}" href="{%- if current_page != 'proposals' -%}{{ project.url_for('view_proposals') }}{%- endif %}#call-for-proposal" data-action="Proposals(navbar)" data-cy-navbar="proposals">{% trans %}Proposals{% endtrans %} <span class="sub-navbar__item__icon mui--pull-right">{{ faicon(icon='chevron-right', icon_size='subhead') }}</span></a>
       {%- endif %}
       {%- if project.schedule_state.PUBLISHED %}
         <a class="sub-navbar__item mui--text-subhead mui--text-light {% if current_page == 'schedule' %}js-smooth-scroll js-samepage{%- endif %}" href="{%- if current_page != 'schedule' -%}{{ project.url_for('schedule') }}{%- else %}#schedule{%- endif %}" data-action="Schedule(navbar)" data-cy-navbar="schedule">{% trans %}Schedule{% endtrans %} <span class="sub-navbar__item__icon mui--pull-right">{{ faicon(icon='chevron-right', icon_size='subhead') }}</span></a>
       {%- endif %}
-      {%- if project.current_roles.admin or current_auth.permissions.checkin_event -%}
+      <a class="sub-navbar__item mui--text-subhead mui--text-light" href="{{ project.url_for('membership') }}" title="Crew" data-action="Crew(navbar)" data-cy-navbar="crew">{% trans %}Crew{% endtrans %} <span class="sub-navbar__item__icon mui--pull-right">{{ faicon(icon='chevron-right', icon_size='subhead') }}</span></a>
+      {%- if project.current_roles.editor or project.current_roles.concierge or project.current_roles.usher -%}
         <a class="sub-navbar__item mui--text-subhead mui--text-light {% if current_page == 'settings' %}js-smooth-scroll js-samepage{%- endif %}" href="{%- if current_page != 'settings' -%}{{ project.url_for('settings') }}{%- endif %}#admin-panel" data-action="Settings(navbar)" data-cy-navbar="settings">{% trans %}Settings{% endtrans %} <span class="sub-navbar__item__icon mui--pull-right">{{ faicon(icon='chevron-right', icon_size='subhead') }}</span></a>
       {%- endif %}
     </nav>
@@ -219,9 +220,9 @@
     <p><a href="https://videoken.com" target="_blank" class="mui--text-caption details__box__control__link">Powered by VideoKen</a></p>
   {%- endif %}
 
-  {%- if proposal and proposal.current_roles.owner %}
+  {%- if proposal and 'edit_proposal' in proposal.permissions(current_auth.user) %}
     <a class="details__box__control__link mui--text-subhead" href="{{ proposal.url_for('edit') }}#field-video" data-cy="edit-video" aria-label="{% trans %}Edit proposal video{% endtrans %}">{{ faicon(icon='edit', icon_size='subhead', css_class='fa5--link') }}</a>
-  {% elif session and session.project.current_roles.admin %}
+  {% elif session and session.project.current_roles.editor %}
     <a class="details__box__control__link mui--text-subhead" href="{{ session.url_for('edit') }}" data-cy="edit-video" aria-label="{% trans %}Edit session video{% endtrans %}">{{ faicon(icon='edit', icon_size='subhead', css_class='fa5--link') }}</a>
   {%- endif %}
 
diff --git a/funnel/templates/membership_invite_actions.html.jinja2 b/funnel/templates/membership_invite_actions.html.jinja2
new file mode 100644
index 000000000..1e2ccbff6
--- /dev/null
+++ b/funnel/templates/membership_invite_actions.html.jinja2
@@ -0,0 +1,22 @@
+{% extends "layout.html.jinja2" %}
+{% set title_suffix = membership.project.title %}
+{% block title %}{% trans %}Manage membership{% endtrans %}{% endblock %}
+
+{% block contenthead %}{% endblock %}
+
+{% block basecontent %}
+<div class="mui-container">
+  <div class="page-content page-content--mob-nav">
+    <div class="grid" id="membership">
+      <div class="grid__col-xs-12">
+        <p>You have been invited to {{ membership.project.title }}.</p>
+        <form method='POST' action="{{ membership.url_for('invite_action') }}">
+          {{ form.hidden_tag() }}
+          <button type="submit" name="action" value="accept">Accept</button>
+          <button type="submit" name="action" value="decline">Decline</button>
+        </form>
+      </div>
+    </div>
+  </div>
+</div>
+{% endblock %}
diff --git a/funnel/templates/organization_index.html.jinja2 b/funnel/templates/organization_index.html.jinja2
index 5dfdca731..5cd1ea216 100644
--- a/funnel/templates/organization_index.html.jinja2
+++ b/funnel/templates/organization_index.html.jinja2
@@ -4,7 +4,7 @@
 
 {% block top_title %}
   <h1 class="mui--text-display1">Organizations</h1>
-  <p><a class="mui-btn mui-btn--small mui-btn--raised mui-btn--primary" href="{{ url_for('OrgView_new') }}">{% trans %}New organization{% endtrans %}</a></p>
+  <p><a class="mui-btn mui-btn--small mui-btn--raised mui-btn--primary" href="{{ url_for('OrgView_new') }}">{% trans %}new organization{% endtrans %}</a></p>
 {% endblock %}
 
 {% block content %}
diff --git a/funnel/templates/organization_membership.html.jinja2 b/funnel/templates/organization_membership.html.jinja2
new file mode 100644
index 000000000..94f5438c3
--- /dev/null
+++ b/funnel/templates/organization_membership.html.jinja2
@@ -0,0 +1,154 @@
+{% extends "index.html.jinja2" %}
+
+{% block basecontent %}
+<div class="projects-wrapper">
+  <div class="mui-container">
+    <div class="grid" id="membership">
+      <div class="grid__col-xs-12">
+        {% raw %}
+        <div id="manage-membership">
+          <div class="membership-wrapper" v-if="isUserProfileAdmin">
+            <div class="content-box mui--z1" @click="isMobile ? showInfo = !showInfo : null" role="button" aria-label="What role should I assign? Read more">
+              <p class="mui--text-headline mui--text-bold">What role should I assign?</p>
+              <p class="mui--text-subhead">Read this before adding a new member
+                <svg class="fa5-icon fa5-icon--title mui--align-middle mui--hidden-xl mui--hidden-lg" aria-hidden="true" role="img">
+                  <use v-bind:xlink:href="svgIconUrl + '#angle-up'" v-if="showInfo"></use>
+                  <use v-bind:xlink:href="svgIconUrl + '#angle-down'" v-else></use>
+                </svg>
+              </p>
+              <transition name="slide-fade">
+                <div class="membership-wrapper__info" v-if="showInfo || !isMobile">
+                  <p><svg class="fa5-icon fa5-icon--title fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#user-circle'"></use></svg> <span class="mui--text-headline mui--text-bold mui--text-center">Member roles</span></p>
+
+                  <p class="mui--text-title mui--text-uppercase">Owner</p>
+                  <ul class="mui-list--unstyled">
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can add members and revoke members</span></li>
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can edit profile</span></li>
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can create projects</span></li>
+                  </ul>
+                  <hr>
+                  <p class="mui--text-title mui--text-uppercase">Admin</p>
+                  <ul class="mui-list--unstyled">
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can edit profile</span></li>
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can create projects</span></li>
+                  </ul>
+                  <hr>
+                </div>
+              </transition>
+            </div>
+          </div>
+          <div class="membership-wrapper">
+            <div class="mui--clearfix">
+              <div class="mui--text-center btn-wrapper membership-wrapper--left" v-if="isUserProfileAdmin">
+                <button class="mui-btn mui-btn--raised mui-btn--primary full-width-btn" @click="fetchForm($event, newMemberUrl)" aria-label="Add new member" data-cy-btn="add-member"><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#plus'"></use></svg> Add new member</p></button>
+                <hr class="mui--hidden-xl">
+              </div>
+              <div class="mui--text-center" v-if="members" :class="[isUserProfileAdmin? 'membership-wrapper--right': '']">
+                <form class="mui-form mui--d-inlineblock search mui--z1" v-on:submit.prevent>
+                  <div class="mui-textfield">
+                    <input class="field-search" type="text" name="key" value="" placeholder="Search member…" v-model="search" @input="onChange"/>
+                  </div>
+                </form>
+              </div>
+            </div>
+            <div v-if="members">
+              <div class="mui--clearfix membership-wrapper__filter">
+                <p class="mui--text-title mui--pull-left">{{ members.length }} <span v-if="members.length > 1">members</span><span v-else>member</span></p>
+                <div class="mui--pull-right">
+                   <button class="mui-btn mui-btn--nostyle mui--text-title" @click="filter($event, 'name')" :class="[view == 'name' ? 'mui--text-bold mui--text-underline' : 'mui--text-light']">Name</button>
+                    <button class="mui-btn mui-btn--nostyle mui--text-light mui--text-title" @click="filter($event, 'role')"  :class="[view == 'role' ? 'mui--text-bold mui--text-underline' : 'mui--text-light']">Role</button>
+                </div>
+              </div>
+              <div v-if="view == 'role'" class="membership-wrapper__members">
+                <div v-for="role in roles">
+                  <p class="mui--text-subhead membership-wrapper__members__collapsible__header" @click="collapse($event, role)"> {{ role.roleName }}
+                    <svg class="fa5-icon fa5-icon--title fa5--align-baseline mui--pull-right collapsible__icon" aria-hidden="true" role="img">
+                      <use v-bind:xlink:href="svgIconUrl + '#angle-right'" v-if="!role.showMembers"></use>
+                      <use v-bind:xlink:href="svgIconUrl + '#angle-down'" v-else></use>
+                    </svg>
+                  </p>
+                  <transition name="slide-fade">
+                    <div v-if="role.showMembers">
+                      <div class="membership-wrapper__members__list membership-wrapper__members__list--nomargin" v-for="member in members" :class="[search && member.hide ? 'mui--hide' : '', isUserProfileAdmin ?  '' : 'membership-wrapper__members__list--viewonly']" @click="fetchForm($event, member.urls.edit, member)" title="Edit" aria-label="Edit" role="button" v-if="member[role.roleKey]">
+                        <member :member="member"></member>
+                      </div>
+                    </div>
+                  </transition>
+                </div>
+              </div>
+              <div v-if="view == 'name'" class="membership-wrapper__members">
+                <div class="membership-wrapper__members__list" v-for="member in members" :class="[search && member.hide ? 'mui--hide' : '', isUserProfileAdmin ? '' : 'membership-wrapper__members__list--viewonly']" @click="fetchForm($event, member.urls.edit, member)" title="Edit" aria-label="Edit" role="button">
+                  <member :member="member"></member>
+                </div>
+              </div>
+            </div>
+            <div class="card" v-else>
+              <div class="card__header mui--bg-accent">
+                <p class="mui--text-center zero-bottom-margin"><svg class="fa5-icon fa5-icon--display1" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#users'"></use></svg></p>
+                <p class="mui--text-subhead mui--text-bold mui--text-center zero-bottom-margin">No members found</p>
+                <p class="mui--text-body1 mui--text-center mui--text-light zero-bottom-margin">Members you add will appear here…</p>
+              </div>
+            </div>
+            <div id="member-form" class="modal modal-form" :class="[activeMember ? 'modal-form--edit' : '']">
+              <a class="modal__close" href="javascript:void(0);" aria-label="{% trans %}Close{% endtrans %}" rel="modal:close">
+                <svg class="fa5-icon fa5-icon--title" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#times'"></use></svg>
+              </a>
+              <component :is="Form"></component>
+              <div class="modal-form__action-box mui--bg-accent">
+                <p class="mui--text-subhead mui--text-danger mui--text-right" v-if="errorMsg">{{ errorMsg }}</p>
+                <button class="mui-btn mui-btn--nostyle mui--text-light" @click="closeForm($event)">Cancel</button>
+              </div>
+              <div v-if="activeMember" class="modal-form__action-box--revoke mui--text-center">
+                <button @click="fetchForm($event, deleteURL)" title="Delete" class="mui-btn mui-btn--nostyle mui--text-subhead" data-cy-btn="revoke"><span class="mui--text-light">Revoke this membership - </span><span class="mui--text-bold">Revoke</span></button>
+              </div>
+            </div>
+          </div>
+        {% endraw %}
+      </div>
+    </div>
+  </div>
+</div>
+{% raw %}
+<script type="text/x-template" id="member-template">
+  <div class="user-box mui--clearfix">
+    <img class="user-gravatar" :src=member.user_avatar :alt=member.user.fullname :aria-label=member.user.fullname v-if="member.user_avatar"/>
+    <img class="user-gravatar" src="https://www.gravatar.com/avatar/00000000000000000000000000000000?d=mp&f=y" :alt=member.user.fullname :aria-label=member.user.fullname v-else/>
+    <div class="mui--d-inlineblock">
+    <h3 class="mui--text-title zero-top-margin zero-bottom-margin" data-cy="member">{{ member.user.fullname }}</h3>
+    <h3 v-if="member.user.username" class="mui--text-subhead zero-top-margin zero-bottom-margin"><span>@{{ member.user.username }}</span></h3>
+    </div>
+    <ul class="mui-list--inline mui--text-subhead zero-bottom-margin membership-wrapper__members__list__roles">
+      <li v-if="member.is_owner" class="membership-wrapper__members__list__roles__role mui--text-body1" data-cy="role">Owner</li>
+      <li v-else class="membership-wrapper__members__list__roles__role mui--text-body1" data-cy="role">Admin</li>
+      <li class="mui--text-light membership-wrapper__members__list__roles__count mui--text-caption" v-if="rolesCount(member) > 0">+ {{ rolesCount(member) }} more <span v-if="rolesCount(member) > 1">roles</span><span v-else>role</span></li>
+    </ul>
+  </div>
+</script>
+{% endraw %}
+{% endblock %}
+
+{% block footerscripts %}
+  <script src="{{ url_for('static', filename=asset_path('membership')) }}" type="text/javascript"></script>
+  <script type="text/javascript">
+    $(function() {
+
+      var membershipConfig = {
+        newMemberUrl: "{{ profile.url_for('new_member') }}",
+        members: {{ memberships|tojson }},
+        roles: [
+          {
+            roleKey: 'is_owner',
+            roleName: 'Owner',
+            showMembers: false,
+          },
+        ],
+        divElem: "#manage-membership",
+        memberTemplate: '#member-template',
+        isUserProfileAdmin: {%- if profile.current_roles.owner %} true {% else %} false {%- endif %},
+      };
+
+      HasGeek.Membership(membershipConfig);
+
+    });
+  </script>
+{% endblock %}
diff --git a/funnel/templates/organization_membership_add_email.md.jinja2 b/funnel/templates/organization_membership_add_email.md.jinja2
new file mode 100644
index 000000000..df2d8b74f
--- /dev/null
+++ b/funnel/templates/organization_membership_add_email.md.jinja2
@@ -0,0 +1,5 @@
+{% trans profile_title=profile.title, granted_by=granted_by.pickername %}
+**{{ granted_by }}** has added you to **{{ profile_title }}** as a crew member.
+{% endtrans %}
+
+[See more details]({{ organization_membership_link }})
diff --git a/funnel/templates/organization_membership_revoke_notification_email.md.jinja2 b/funnel/templates/organization_membership_revoke_notification_email.md.jinja2
new file mode 100644
index 000000000..86812961c
--- /dev/null
+++ b/funnel/templates/organization_membership_revoke_notification_email.md.jinja2
@@ -0,0 +1,3 @@
+{% trans profile_title=profile.title, revoked_by=revoked_by.pickername %}
+You have been removed as an admin from **{{ profile_title }}** by **{{ revoked_by }}**.
+{% endtrans %}
diff --git a/funnel/templates/project.html.jinja2 b/funnel/templates/project.html.jinja2
index de1ef099b..edc5145f6 100644
--- a/funnel/templates/project.html.jinja2
+++ b/funnel/templates/project.html.jinja2
@@ -95,7 +95,7 @@
                 <a href="{{ url_for('login') }}" class='mui-btn mui-btn--raised mui-btn--primary'>{% trans %}Login to respond{% endtrans %}</a>
               </p>
             {%- endif %}
-            {% if project.current_roles.admin or current_auth.permissions.view_rsvps %}
+            {% if project.current_roles.concierge %}
               <a href="{{ project.url_for('rsvp_list') }}" data-cy="see-responses">{% trans %}See responses{% endtrans %}</a>
             {% endif %}
           {%- endif %}
diff --git a/funnel/templates/project_membership.html.jinja2 b/funnel/templates/project_membership.html.jinja2
new file mode 100644
index 000000000..c0efe112d
--- /dev/null
+++ b/funnel/templates/project_membership.html.jinja2
@@ -0,0 +1,207 @@
+{% extends "layout.html.jinja2" %}
+{% set title_suffix = project.title %}
+{%- from "macros.html.jinja2" import project_header %}
+{% from "baseframe/forms.html.jinja2" import renderfield %}
+{% block title %}{% trans %}Crew{% endtrans %}{% endblock %}
+
+{% block contenthead %}{% endblock %}
+
+{% block bodytag %}
+  {%- if not config['LEGACY'] -%}
+    <body class="mui--bg-primary hg-app modal-form-page">
+  {%- else %}
+    <body class="mui--bg-primary">
+  {%- endif %}
+{% endblock %}
+
+{% block baseheadline %}
+  <div class="mui--hidden-md mui--hidden-lg mui--hidden-xl">
+    <div class="mobile-nav mui--z1">
+      <a href="{{ project.url_for() }}" aria-label="{% trans %}Back to the project{% endtrans %}" class="mui--text-dark mui--text-headline">{{ faicon(icon='long-arrow-left', icon_size='title', css_class='mobile-nav__prev') }}</a> <span class="mui--text-dark mui--text-headline">{% trans %}Crew{% endtrans %}</span>
+    </div>
+  </div>
+  {{ project_header(project, project_save_form,
+    class='mui--hidden-xs mui--hidden-sm',
+    current_page='schedule') }}
+{% endblock %}
+
+{% block basecontent %}
+  <div class="mui-container">
+  <div class="page-content page-content--mob-nav">
+    <div class="grid" id="membership">
+      <div class="grid__col-xs-12">
+        {% raw %}
+        <div id="manage-membership">
+          <div class="membership-wrapper" v-if="isUserProfileAdmin">
+            <div class="content-box mui--z1" @click="isMobile ? showInfo = !showInfo : null" role="button" aria-label="What role should I assign? Read more">
+              <p class="mui--text-headline mui--text-bold">What role should I assign?</p>
+              <p class="mui--text-subhead">Read this before adding a new member
+                <svg class="fa5-icon fa5-icon--title mui--align-middle mui--hidden-xl mui--hidden-lg" aria-hidden="true" role="img">
+                  <use v-bind:xlink:href="svgIconUrl + '#angle-up'" v-if="showInfo"></use>
+                  <use v-bind:xlink:href="svgIconUrl + '#angle-down'" v-else></use>
+                </svg>
+              </p>
+              <transition name="slide-fade">
+                <div class="membership-wrapper__info" v-if="showInfo || !isMobile">
+                  <p><svg class="fa5-icon fa5-icon--title fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#user-circle'"></use></svg> <span class="mui--text-headline mui--text-bold mui--text-center">Member roles</span></p>
+
+                  <p class="mui--text-title mui--text-uppercase">Profile Owner/Admin</p>
+                  <ul class="mui-list--unstyled">
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can create new projects</span></li>
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can add members to a project and revoke members</span></li>
+                  <hr>
+
+                  <p class="mui--text-title mui--text-uppercase">Editor</p>
+                  <ul class="mui-list--unstyled">
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can edit project details</span></li>
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can add and publish the CFP</span></li>
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can add and edit sessions to the schedule and publsh it</span></li>
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can add and edit labels</span></li>
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can add and edit venues</span></li>
+                  </ul>
+                  <hr>
+                  <p class="mui--text-title mui--text-uppercase">Concierge</p>
+                  <ul class="mui-list--unstyled">
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can add and edit events for checkin</span></li>
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Add ticket clients</span></li>
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Add and view attendees</span></li>
+                  </ul>
+                  <hr>
+                  <p class="mui--text-title mui--text-uppercase">Usher</p>
+                  <ul class="mui-list--unstyled">
+                    <li><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#check'"></use></svg> <span class="mui--text-subhead">Can checkin attendees</span></li>
+                  </ul>
+                  <hr>
+                </div>
+              </transition>
+            </div>
+          </div>
+          <div class="membership-wrapper">
+            <div class="mui--clearfix">
+              <div class="mui--text-center btn-wrapper membership-wrapper--left" v-if="isUserProfileAdmin">
+                <button class="mui-btn mui-btn--raised mui-btn--primary full-width-btn" @click="fetchForm($event, newMemberUrl)" aria-label="Add new member" data-cy-btn="add-member"><svg class="fa5-icon fa5--align-baseline" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#plus'"></use></svg> Add new member</p></button>
+                <hr class="mui--hidden-xl">
+              </div>
+              <div class="mui--text-center" v-if="members" :class="[isUserProfileAdmin? 'membership-wrapper--right': '']">
+                <form class="mui-form mui--d-inlineblock search mui--z1" v-on:submit.prevent>
+                  <div class="mui-textfield">
+                    <input class="field-search" type="text" name="key" value="" placeholder="Search member…" v-model="search" @input="onChange"/>
+                  </div>
+                </form>
+              </div>
+            </div>
+            <div v-if="members">
+              <div class="mui--clearfix membership-wrapper__filter">
+                <p class="mui--text-title mui--pull-left">{{ members.length }} <span v-if="members.length > 1">members</span><span v-else>member</span></p>
+                <div class="mui--pull-right">
+                   <button class="mui-btn mui-btn--nostyle mui--text-title" @click="filter($event, 'name')" :class="[view == 'name' ? 'mui--text-bold mui--text-underline' : 'mui--text-light']">Name</button>
+                    <button class="mui-btn mui-btn--nostyle mui--text-light mui--text-title" @click="filter($event, 'role')"  :class="[view == 'role' ? 'mui--text-bold mui--text-underline' : 'mui--text-light']">Role</button>
+                </div>
+              </div>
+              <div v-if="view == 'role'" class="membership-wrapper__members">
+                <div v-for="role in roles">
+                  <p class="mui--text-subhead membership-wrapper__members__collapsible__header" @click="collapse($event, role)"> {{ role.roleName }}
+                    <svg class="fa5-icon fa5-icon--title fa5--align-baseline mui--pull-right collapsible__icon" aria-hidden="true" role="img">
+                      <use v-bind:xlink:href="svgIconUrl + '#angle-right'" v-if="!role.showMembers"></use>
+                      <use v-bind:xlink:href="svgIconUrl + '#angle-down'" v-else></use>
+                    </svg>
+                  </p>
+                  <transition name="slide-fade">
+                    <div v-if="role.showMembers">
+                      <div class="membership-wrapper__members__list membership-wrapper__members__list--nomargin" v-for="member in members" :class="[search && member.hide ? 'mui--hide' : '', isUserProfileAdmin ?  '' : 'membership-wrapper__members__list--viewonly']" @click="fetchForm($event, member.urls.edit, member)" title="Edit" aria-label="Edit" role="button" v-if="member[role.roleKey]">
+                        <member :member="member"></member>
+                      </div>
+                    </div>
+                  </transition>
+                </div>
+              </div>
+              <div v-if="view == 'name'" class="membership-wrapper__members">
+                <div class="membership-wrapper__members__list" v-for="member in members" :class="[search && member.hide ? 'mui--hide' : '', isUserProfileAdmin ? '' : 'membership-wrapper__members__list--viewonly']" @click="fetchForm($event, member.urls.edit, member)" title="Edit" aria-label="Edit" role="button">
+                   <member :member="member"></member>
+                </div>
+              </div>
+            </div>
+            <div class="card" v-else>
+              <div class="card__header mui--bg-accent">
+                <p class="mui--text-center zero-bottom-margin"><svg class="fa5-icon fa5-icon--display1" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#users'"></use></svg></p>
+                <p class="mui--text-subhead mui--text-bold mui--text-center zero-bottom-margin">No members found</p>
+                <p class="mui--text-body1 mui--text-center mui--text-light zero-bottom-margin">Members you add will appear here…</p>
+              </div>
+            </div>
+            <div id="member-form" class="modal modal-form" :class="[activeMember ? 'modal-form--edit' : '']">
+              <a class="modal__close" href="javascript:void(0);" aria-label="{% trans %}Close{% endtrans %}" rel="modal:close">
+                <svg class="fa5-icon fa5-icon--title" aria-hidden="true" role="img"><use v-bind:xlink:href="svgIconUrl + '#times'"></use></svg>
+              </a>
+              <component :is="Form"></component>
+              <div class="modal-form__action-box mui--bg-accent">
+                <p class="mui--text-subhead mui--text-danger mui--text-right" v-if="errorMsg">{{ errorMsg }}</p>
+                <button class="mui-btn mui-btn--nostyle mui--text-light" @click="closeForm($event)">Cancel</button>
+              </div>
+              <div v-if="activeMember" class="modal-form__action-box--revoke mui--text-center">
+                <button @click="fetchForm($event, deleteURL)" title="Delete" class="mui-btn mui-btn--nostyle mui--text-subhead"><span class="mui--text-light">Revoke this membership - </span><span class="mui--text-bold">Revoke</span></button>
+              </div>
+            </div>
+          </div>
+        {% endraw %}
+      </div>
+    </div>
+  </div>
+</div>
+{% raw %}
+<script type="text/x-template" id="member-template">
+  <div class="user-box mui--clearfix">
+    <img class="user-gravatar" :src=member.user_avatar :alt=member.user.fullname :aria-label=member.user.fullname v-if="member.user_avatar"/>
+    <img class="user-gravatar" src="https://www.gravatar.com/avatar/00000000000000000000000000000000?d=mp&f=y" :alt=member.user.fullname :aria-label=member.user.fullname v-else/>
+    <div class="mui--d-inlineblock">
+    <h3 class="mui--text-title zero-top-margin zero-bottom-margin" data-cy="member">{{ member.user.fullname }}</h3>
+    <h3 v-if="member.user.username" class="mui--text-subhead zero-top-margin zero-bottom-margin"><span>@{{ member.user.username }}</span></h3>
+    </div>
+    <ul class="mui-list--inline mui--text-subhead zero-bottom-margin membership-wrapper__members__list__roles">
+      <li v-if="member.is_editor" class="membership-wrapper__members__list__roles__role mui--text-body1" data-cy="role">Editor</li>
+      <li v-if="member.is_concierge" class="membership-wrapper__members__list__roles__role mui--text-body1" data-cy="role">Concierge</li>
+      <li v-if="member.is_usher" class="membership-wrapper__members__list__roles__role mui--text-body1" data-cy="role">Usher</li>
+      <li class="mui--text-light membership-wrapper__members__list__roles__count mui--text-caption" v-if="rolesCount(member) > 0">+ {{ rolesCount(member) }} more <span v-if="rolesCount(member) > 1">roles</span><span v-else>role</span></li>
+    </ul>
+  </div>
+</script>
+{% endraw %}
+{% endblock %}
+
+{% block footerscripts %}
+  <script src="{{ url_for('static', filename=asset_path('project_header')) }}" type="text/javascript"></script>
+  <script src="{{ url_for('static', filename=asset_path('membership')) }}" type="text/javascript"></script>
+  <script type="text/javascript">
+    $(function() {
+      var saveProjectConfig = {
+        formId: 'save-form',
+        postUrl: "{{ project.url_for('save') }}"
+      }
+      window.HasGeek.ProjectHeaderInit(saveProjectConfig);
+      var membershipConfig = {
+        newMemberUrl: "{{ project.url_for('new_member') }}",
+        members: {{ memberships|tojson }},
+        roles: [
+          {
+            roleKey: 'is_editor',
+            roleName: 'Editor',
+            showMembers: false,
+          },
+          {
+            roleKey: 'is_concierge',
+            roleName: 'Concierge',
+            showMembers: false,
+          },
+          {
+            roleKey: 'is_usher',
+            roleName: 'Usher',
+            showMembers: false,
+          },
+        ],
+        divElem: "#manage-membership",
+        memberTemplate: '#member-template',
+        isUserProfileAdmin: {%- if project.profile.current_roles.admin %} true {% else %} false {%- endif %},
+      };
+      HasGeek.Membership(membershipConfig);
+    });
+  </script>
+{% endblock %}
diff --git a/funnel/templates/project_membership_add_email.md.jinja2 b/funnel/templates/project_membership_add_email.md.jinja2
new file mode 100644
index 000000000..76fea1ea8
--- /dev/null
+++ b/funnel/templates/project_membership_add_email.md.jinja2
@@ -0,0 +1,5 @@
+{% trans project_title=project.title, granted_by=granted_by.pickername %}
+**{{ granted_by }}** has added you to **{{ project_title }}** as a crew member.
+{% endtrans %}
+
+[See more details]({{ project_membership_link }})
diff --git a/funnel/templates/project_membership_add_invite_email.md.jinja2 b/funnel/templates/project_membership_add_invite_email.md.jinja2
new file mode 100644
index 000000000..295e9fd59
--- /dev/null
+++ b/funnel/templates/project_membership_add_invite_email.md.jinja2
@@ -0,0 +1,5 @@
+{% trans project_title=project.title, granted_by=granted_by.pickername %}
+**{{ granted_by }}** invited you to join **{{ project_title }}**.
+{% endtranss %}
+
+[Accept or decline invite]({{ link }})
diff --git a/funnel/templates/project_membership_revoke_notification_email.md.jinja2 b/funnel/templates/project_membership_revoke_notification_email.md.jinja2
new file mode 100644
index 000000000..0ead60d9a
--- /dev/null
+++ b/funnel/templates/project_membership_revoke_notification_email.md.jinja2
@@ -0,0 +1,3 @@
+{% trans project_title=project.title, revoked_by=revoked_by.pickername %}
+You have been removed as a crew member from **{{ project_title }}** by **{{ revoked_by }}**.
+{% endtrans %}
diff --git a/funnel/templates/proposal.html.jinja2 b/funnel/templates/proposal.html.jinja2
index f4d8fadf2..6c7837c5c 100644
--- a/funnel/templates/proposal.html.jinja2
+++ b/funnel/templates/proposal.html.jinja2
@@ -59,9 +59,8 @@
     </div>
   </div>
   <div class="grid__col-xs-12 proposal-wrapper">
-
     <section class="proposal__section proposal__section--border grid__col--bleed-y">
-      <h1 class="mui--text-headline proposal__section__headline"><strong>{{ proposal.title }}</strong>  {% if proposal.current_roles.owner %}<a href="{{ proposal.url_for('edit') }}#field-title" aria-label="{% trans %}Edit proposal{% endtrans %}" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false) }}</a>{% endif %}</h1>
+      <h1 class="mui--text-headline proposal__section__headline"><strong>{{ proposal.title }}</strong>  {% if 'edit_proposal' in proposal.permissions(current_auth.user) %}<a href="{{ proposal.url_for('edit') }}#field-title" aria-label="{% trans %}Edit proposal{% endtrans %}" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false) }}</a>{% endif %}</h1>
       <p class="zero-bottom-margin">
         {% trans %}Submitted by{% endtrans%}
         {%- if proposal.speaker %}
@@ -82,7 +81,7 @@
         {%- endif -%}
       </p>
       <div class="details">
-        {% if proposal.session and proposal.session.video or proposal.video or proposal.current_roles.owner %}
+        {% if proposal.session and proposal.session.video or proposal.video or 'edit_proposal' in proposal.permissions(current_auth.user) %}
           <div class="details__box details__box--left mui-tabs__bar">
             {% with seq = 1 %}
               {% if proposal.session and proposal.session.video and proposal.session.video.url %}
@@ -105,7 +104,7 @@
                     {{ video_action_bar(proposal.video, proposal) }}
                   </div>
                 </div>
-              {%- elif proposal.current_roles.owner %}
+              {%- elif 'edit_proposal' in proposal.permissions(current_auth.user) %}
                 <div class="mui-tabs__pane {% if seq == 1 %}mui--is-active{%- endif -%}" id="pane-justified-{{ seq }}">
                   <div class="details__box__video details__box__video--novideo embed-video-wrapper">
                     <p class="details__box__video__banner mui--bg-warning mui--text-body1">{% trans %}Your proposal doesn't have a preview video!{% endtrans %}</p>
@@ -153,7 +152,6 @@
         {% endif %}
       </div>
     </section>
-
     <section class="proposal__section proposal__section--border">
       <div>
         {%- for label in proposal.labels %}
@@ -161,15 +159,14 @@
             <span class="label mui--text-bold">{% if label.icon_emoji %}{{ label.icon_emoji }} {% endif %}{% if label.main_label %}{{ label.main_label.title }}: {% endif %}{{ label.title }}</span>
           {%- endif %}
         {%- endfor %}
-        {%- if proposal.current_roles.admin %}
+        {%- if proposal.current_roles.project_editor %}
           {%- for label in proposal.labels %}
             {%- if label.restricted %}
               <span class="label mui--text-bold">{% if label.icon_emoji %}{{ label.icon_emoji }} {% endif %}{% if label.main_label %}{{ label.main_label.title }}: {% endif %}{{ label.title }}</span>
             {%- endif %}
           {%- endfor %}
         {% endif %}
-        <span class="label mui--text-bold" data-cy-proposal-status="{{ proposal.state.label.title }}">
-        {% trans status=proposal.state.label.title %}Status: {{ status }}{% endtrans %}</span>
+        <span class="label mui--text-bold" data-cy-proposal-status="{{ proposal.state.label.title }}">{% trans status=proposal.state.label.title %}Status: {{ status }}{% endtrans %}</span>
       </div>
       {% if proposal.state.SCHEDULED %}
         <div><a class="mui-btn mui-btn--raised mui-btn--small mui-btn--dark" href="{{ proposal.session.url_for() }}">{% trans %}View proposal in schedule{% endtrans %}</a></div>
@@ -178,20 +175,20 @@
 
     <section class="proposal__section--border">
       <div class="proposal__admin-panel sticky-admin-panel">
-        {%- if proposal.current_roles.owner or proposal.current_roles.admin %}
+        {%- if 'edit_proposal' in proposal.permissions(current_auth.user) or proposal.current_roles.project_editor %}
           <div class="card">
             <div class="card__header">
               <h3 class="mui--text-title mui--text-bold mui--text-uppercase" data-cy="admin-panel">Admin panel</h3>
             </div>
             <div class="card__body">
-              {%- if proposal.current_roles.owner %}
+              {%- if 'edit_proposal' in proposal.permissions(current_auth.user) %}
                 <ul class="mui-list--aligned">
                   <li><a href="{{ proposal.url_for('edit') }}" data-cy-admin="edit">{% trans %}Edit details{% endtrans %}</a></li>
                   <li><a href="{{ proposal.url_for('delete') }}" data-cy-admin="delete">{% trans %}Delete{% endtrans %}</a></li>
                 </ul>
                 <hr class="mui-divider">
-              {%- endif %}
-              {% if proposal.current_roles.admin %}
+              {% endif %}
+              {%- if proposal.current_roles.project_editor %}
                 {%- if proposal_move_form %}
                   {{ renderform(proposal_move_form, 'proposal-move', action=proposal.url_for('moveto'), submit="Move", style='horiz') }}
                   <hr class="mui-divider">
@@ -211,7 +208,7 @@
                 </form>
                 <hr class="mui-divider">
               {% endif %}
-              {% if proposal.current_roles.admin and  proposal_label_admin_form %}
+              {% if proposal_label_admin_form %}
                 <form action="{{ proposal.url_for('edit_labels') }}" method="post" class="add-label-form">
                   {{ proposal_label_admin_form.hidden_tag() }}
                   <p class="mui--text-title">Labels</p>
@@ -226,9 +223,9 @@
                   </div>
                   {{ rendersubmit([("add-label", "Save", '')]) }}
                 </form>
-              {%- endif %}
-              <hr class="mui-divider">
-              {% if proposal.current_roles.admin and proposal.state.SCHEDULED %}
+                <hr class="mui-divider">
+              {% endif %}
+              {% if proposal.current_roles.project_editor and proposal.state.SCHEDULED %}
                 <a class="mui-btn mui-btn--raised mui-btn--accent" href="{{ proposal.session.url_for('edit') }}" data-cy="edit-session-video" aria-label="{% trans %}Add session video{% endtrans %}">
                   {%- if proposal.session.video %}
                     {% trans %}Edit session video{% endtrans %}
@@ -236,7 +233,7 @@
                     {% trans %}Add session video{% endtrans %}
                   {%- endif %}
                 </a>
-              {%- elif proposal.current_roles.owner %}
+              {%- elif 'edit_proposal' in proposal.permissions(current_auth.user) %}
                 <a class="mui-btn mui-btn--raised mui-btn--accent" href="{{ proposal.url_for('edit') }}#field-video" data-cy="edit-proposal-video" aria-label="{% trans %}Add proposal video{% endtrans %}">
                   {%- if proposal.video %}
                     {% trans %}Edit proposal video{% endtrans %}
@@ -252,41 +249,41 @@
 
       <div class="proposal__section proposal__section--left">
         <div class="proposal-content">
-          <h3 class="mui--text-headline mui--text-bold">{% trans %}Abstract{% endtrans %} {% if proposal.current_roles.owner %}<a href="{{ proposal.url_for('edit') }}#field-abstract" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %}</h3>
+          <h3 class="mui--text-headline mui--text-bold">{% trans %}Abstract{% endtrans %} {% if 'edit_proposal' in proposal.permissions(current_auth.user) %}<a href="{{ proposal.url_for('edit') }}#field-abstract" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %}</h3>
           <div class="mui--text-subhead">{{ proposal.abstract }}</div>
 
-          <h3 class="mui--text-headline mui--text-bold">{% trans %}Outline{% endtrans %} {% if proposal.current_roles.owner %}<a href="{{ proposal.url_for('edit') }}#field-outline" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %}</h3>
+          <h3 class="mui--text-headline mui--text-bold">{% trans %}Outline{% endtrans %} {% if 'edit_proposal' in proposal.permissions(current_auth.user) %}<a href="{{ proposal.url_for('edit') }}#field-outline" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %}</h3>
           <div class="mui--text-subhead">{{ proposal.outline }}</div>
 
           {% if proposal.requirements.text -%}
-            <h3 class="mui--text-headline mui--text-bold">{% trans %}Requirements{% endtrans %} {% if proposal.current_roles.owner %}<a href="{{ proposal.url_for('edit') }}#field-requirements" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %} </h3>
+            <h3 class="mui--text-headline mui--text-bold">{% trans %}Requirements{% endtrans %} {% if 'edit_proposal' in proposal.permissions(current_auth.user) %}<a href="{{ proposal.url_for('edit') }}#field-requirements" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %} </h3>
             <div class="mui--text-subhead">{{ proposal.requirements }}</div>
-          {%- elif proposal.current_roles.owner %}
+          {%- elif 'edit_proposal' in proposal.permissions(current_auth.user) %}
             <h3 class="mui--text-headline mui--text-bold">{% trans %}Requirements{% endtrans %} <a href="{{ proposal.url_for('edit') }}#field-requirements" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a></h3>
             <p><i>This section is empty.</i></p>
           {%- endif %}
 
           {% if proposal.bio.text -%}
-            <h3 class="mui--text-headline mui--text-bold">{% trans %}Speaker bio{% endtrans %} {% if proposal.current_roles.owner %}<a href="{{ proposal.url_for('edit') }}#field-bio" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %}</h3>
+            <h3 class="mui--text-headline mui--text-bold">{% trans %}Speaker bio{% endtrans %} {% if 'edit_proposal' in proposal.permissions(current_auth.user) %}<a href="{{ proposal.url_for('edit') }}#field-bio" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %}</h3>
             <div class="mui--text-subhead">{{ proposal.bio }}</div>
           {%- endif %}
 
           {% if proposal.links %}
-            <h3 class="mui--text-headline mui--text-bold">{% trans %}Links{% endtrans %} {% if proposal.current_roles.owner %}<a href="{{ proposal.url_for('edit') }}#field-links" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %}</h3>
+            <h3 class="mui--text-headline mui--text-bold">{% trans %}Links{% endtrans %} {% if 'edit_proposal' in proposal.permissions(current_auth.user) %}<a href="{{ proposal.url_for('edit') }}#field-links" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %}</h3>
             <ul class="links-list">
               {% for link in links -%}
                 <li class="mui--text-subhead">{{ link }}</li>
               {% endfor %}
             </ul>
-          {%- elif proposal.current_roles.owner %}
+          {%- elif 'edit_proposal' in proposal.permissions(current_auth.user) %}
             <h3 class="mui--text-headline mui--text-bold">{% trans %}Links{% endtrans %} <a href="{{ proposal.url_for('edit') }}#field-links" class="mui--text-subhead mui--align-middle">{{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a></h3>
             <p><i>This section is empty.</i></p>
           {% endif %}
 
           {% if proposal.slides.url %}
-            <h3 class="mui--text-headline mui--text-bold">{% trans %}Slides{% endtrans %} {% if proposal.current_roles.owner %}<a href="{{ proposal.url_for('edit') }}#field-slides" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %}</h3>
+            <h3 class="mui--text-headline mui--text-bold">{% trans %}Slides{% endtrans %} {% if 'edit_proposal' in proposal.permissions(current_auth.user) %}<a href="{{ proposal.url_for('edit') }}#field-slides" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a>{% endif %}</h3>
             <a href="{{ proposal.slides }}">{{ proposal.slides }}</a>
-          {%- elif proposal.current_roles.owner %}
+          {%- elif 'edit_proposal' in proposal.permissions(current_auth.user) %}
             <h3 class="mui--text-headline mui--text-bold">{% trans %}Slides{% endtrans %} <a href="{{ proposal.url_for('edit') }}#field-slides" class="mui--text-subhead mui--align-middle"> {{ faicon(icon='edit', icon_size='subhead', baseline=false, css_class='fa5--link') }}</a></h3>
             <p><i>This section is empty.</i></p>
           {% endif %}
diff --git a/funnel/templates/proposal_comment_email.md b/funnel/templates/proposal_comment_email.md.jinja2
similarity index 100%
rename from funnel/templates/proposal_comment_email.md
rename to funnel/templates/proposal_comment_email.md.jinja2
diff --git a/funnel/templates/proposal_comment_reply_email.md b/funnel/templates/proposal_comment_reply_email.md.jinja2
similarity index 100%
rename from funnel/templates/proposal_comment_reply_email.md
rename to funnel/templates/proposal_comment_reply_email.md.jinja2
diff --git a/funnel/templates/proposal_comment_to_proposer_email.md b/funnel/templates/proposal_comment_to_proposer_email.md.jinja2
similarity index 100%
rename from funnel/templates/proposal_comment_to_proposer_email.md
rename to funnel/templates/proposal_comment_to_proposer_email.md.jinja2
diff --git a/funnel/templates/proposals.html.jinja2 b/funnel/templates/proposals.html.jinja2
index a69cbd169..0618f71f6 100644
--- a/funnel/templates/proposals.html.jinja2
+++ b/funnel/templates/proposals.html.jinja2
@@ -39,7 +39,7 @@
                 {%- if proposal.user != proposal.speaker %}
                   <small class="mui--text-caption mui--text-accent">via {{ proposal.user.pickername }}</small>
                 {%- endif %}
-                {%- if current_auth.user and current_auth.permissions.edit_project %}
+                {%- if project.current_roles.editor %}
                   {%- if proposal.has_outstation_speaker %}
                     {{ faicon(icon='plane', icon_size='subhead', baseline=false, css_class='mui--align-middle') }}
                     <span class="mui--hide" aria-label="{% trans %}Outstation speaker{% endtrans %}"></span>
@@ -81,7 +81,7 @@
   <div class="mui-container">
     <div class="page-content page-content--mob-nav">
       <div class="grid project-section">
-       {% if project.current_roles.admin or project.current_roles.reviewer or not project.cfp_state.NONE -%}
+       {% if project.current_roles.editor or project.current_roles.reviewer or not project.cfp_state.NONE -%}
         <div class="grid__col-xs-12 about__details" id="call-for-proposal">
           <h2 class="mui--text-display1 project-section__headline mui--text-left mui--text-bold">{% trans %}Proposal guidelines{% endtrans %}</h2>
           {%- if project.instructions and project.instructions != "None" %}
@@ -107,9 +107,9 @@
       <div class="grid project-section" id="proposals">
         <div class="grid__col-xs-12">
           <h2 class="mui--text-display1 mui--text-left project-section__headline">{% trans %}All proposals{% endtrans %}</h2>
-            {%- if current_auth.permissions.view_status %}
+            {%- if project.current_roles.editor %}
               <div>
-                <form class="mui-form mui--pull-left search-proposal-form mui--z1">
+                <form class="mui-form mui--pull-left search search--50 mui--z1">
                   <div class="mui-textfield">
                     <input class="field-search" id="search" type="text" name="key" value="" placeholder="Search" />
                   </div>
diff --git a/funnel/templates/session_view_popup.html.jinja2 b/funnel/templates/session_view_popup.html.jinja2
index 6ec5b33f2..fc21edfea 100644
--- a/funnel/templates/session_view_popup.html.jinja2
+++ b/funnel/templates/session_view_popup.html.jinja2
@@ -40,7 +40,7 @@
           <div class="video_txt">
             <p>{{ faicon(icon='video-slash', icon_size='display1') }}</p>
             <p class="mui--text-light">{% trans %}The session has no attached video{% endtrans %}</p>
-            {% if not session.video and session.project.current_roles.admin %}
+            {% if not session.video and session.project.current_roles.editor %}
               <div>
                 <a class="mui-btn mui-btn--raised mui-btn--dark" href="{{ session.url_for('edit') }}" data-cy-admin="edit-session" aria-label="{% trans %}Add session video{% endtrans %}">Edit session</a>
               </div>
diff --git a/funnel/templates/settings.html.jinja2 b/funnel/templates/settings.html.jinja2
index 55e194f09..879a17f22 100644
--- a/funnel/templates/settings.html.jinja2
+++ b/funnel/templates/settings.html.jinja2
@@ -36,7 +36,7 @@
               <h3 class="mui--text-title mui--text-uppercase mui--text-bold">{% trans %}Admin panel{% endtrans %}</h3>
             </div>
             <div class="card__body">
-              {%- if project.current_roles.admin %}
+              {%- if project.current_roles.editor %}
                 {%- if transition_form %}
                   <div>
                     <p class="mui--text-body2 zero-bottom-margin mui--text-uppercase" data-cy="project-state">{% trans status=project.state.label.title %}Status: {{ status }}{% endtrans %}</p>
@@ -76,61 +76,63 @@
                     </form>
                   </div>
                 {%- endif %}
-                <hr class="mui-divider">
-                <div>
-                  <ul class="mui-list--inline list-item-rgborder">
-                    <li>
-                      <a href="{{ project.url_for('edit') }}" data-cy="edit">{% trans %}Edit project details{% endtrans %}</a>
-                    </li>
-                    <li>
-                      <a href="{{ project.url_for('edit') }}#field-livestream_urls" title="Add livestream url" data-cy="add-livestream">{% trans %}Add livestream url{% endtrans %}</a>
-                    </li>
-                    <li>
-                      <a href="{{ project.url_for('venues') }}" data-cy="manage-venues">{% trans %}Manage venues{% endtrans %}</a>
-                    </li>
-                    {% if project.cfp_state.NONE -%}
-                      <li>
-                        <a href="{{ project.url_for('cfp') }}" data-cy="add-cfp">{% trans %}Add proposal guidelines and timing{% endtrans %}</a>
-                      </li>
-                    {% else -%}
-                      <li>
-                        <a href="{{ project.url_for('cfp') }}" data-cy="modify-cfp">{% trans %}Modify proposal guidelines and timing{% endtrans %}</a>
-                      </li>
-                    {%- endif %}
-                    <li>
-                      <a href="{{ project.url_for('edit_schedule') }}" data-cy="edit-schedule">{% trans %}Edit schedule{% endtrans %}</a>
-                    </li>
-                    <li>
-                      <a href="{{ project.url_for('labels') }}" data-cy="manage-labels">{% trans %}Manage labels{% endtrans %}</a>
-                    </li>
-                    <li>
-                      <a href="{{ project.url_for('admin') }}" data-cy="checkin">{% trans %}Setup events for check-in{% endtrans %}</a>
-                    <li>
-                      <a href="{{ project.url_for('events') }}">{% trans %}Scan badges to check-in{% endtrans %}</a>
-                    </li>
-                  </ul>
-                </div>
-                <hr class="mui-divider">
-                <div>
-                  <p class="mui--text-body2 mui--text-light zero-bottom-margin mui--text-uppercase">Downloads</p>
-                  <p class="btn-group">
-                    <a href="{{ project.url_for('csv') }}" class="mui-btn mui-btn--small mui-btn--raised mui-btn--dark" target="_blank" aria-label="{% trans %}Download CSV{% endtrans %}" data-action="Download CSV">{{ faicon(icon='download') }} {% trans %}CSV{% endtrans %}</a>
-                    <a href="{{ project.url_for('json') }}" class="mui-btn mui-btn--small mui-btn--raised mui-btn--dark" target="_blank" aria-label="{% trans %}Download JSON{% endtrans %}" data-action="Download JSON">{{ faicon(icon='download') }} {% trans %}JSON{% endtrans %}</a>
-                    <a href="{{ project.url_for('schedule_json') }}" class="mui-btn mui-btn--small mui-btn--raised mui-btn--dark" target="_blank" aria-label="{% trans %}View schedule JSON{% endtrans %}" data-action="View JSON">{{ faicon(icon='download') }} {% trans %}Schedule JSON{% endtrans %}</a>
-                  </p>
-                </div>
-              {% elif current_auth.permissions.checkin_event %}
-                <div>
-                  <ul class="mui-list--inline list-item-rgborder">
-                    <li>
-                      <a href="{{ project.url_for('admin') }}">{% trans %}Manual check-in{% endtrans %}</a>
-                    </li>
-                    <li>
-                      <a href="{{ project.url_for('events') }}">{% trans %}Scan badges to check-in{% endtrans %}</a>
-                    </li>
-                  </ul>
-                </div>
-              {% endif %}
+              {%- endif %}
+              <hr class="mui-divider">
+              <div>
+                <ul class="mui-list--inline list-item-rgborder">
+                {% if project.view_for('edit').is_available() %}
+                  <li>
+                    <a href="{{ project.url_for('edit') }}" data-cy="edit">{% trans %}Edit project details{% endtrans %}</a>
+                  </li>
+                  <li>
+                    <a href="{{ project.url_for('edit') }}#field-livestream_urls" data-cy="add-livestream">{% trans %}Add livestream url{% endtrans %}</a>
+                  </li>
+                {% endif %}
+                {% if project.view_for('venues').is_available() %}
+                  <li>
+                    <a href="{{ project.url_for('venues') }}" data-cy="manage-venues">{% trans %}Manage venues{% endtrans %}</a>
+                  </li>
+                {%- endif %}
+                {% if project.view_for('cfp').is_available() and project.cfp_state.NONE -%}
+                  <li>
+                    <a href="{{ project.url_for('cfp') }}" data-cy="add-cfp">{% trans %}Add proposal guidelines and timing{% endtrans %}</a>
+                  </li>
+                {% else -%}
+                  <li>
+                    <a href="{{ project.url_for('cfp') }}" data-cy="modify-cfp">{% trans %}Modify proposal guidelines and timing{% endtrans %}</a>
+                  </li>
+                {%- endif %}
+                {% if project.view_for('edit_schedule').is_available() %}
+                  <li>
+                    <a href="{{ project.url_for('edit_schedule') }}" data-cy="edit-schedule">{% trans %}Edit schedule{% endtrans %}</a>
+                  </li>
+                {% endif %}
+                {% if project.view_for('labels').is_available() %}
+                  <li>
+                    <a href="{{ project.url_for('labels') }}" data-cy="manage-labels">{% trans %}Manage labels{% endtrans %}</a>
+                  </li>
+                {% endif %}
+                {% if project.view_for('admin').is_available() %}
+                  <li>
+                    <a href="{{ project.url_for('admin') }}" data-cy="setup-events">{% trans %}Setup events for check-in{% endtrans %}</a>
+                  </li>
+                {% endif %}
+                {% if project.view_for('events').is_available() %}
+                  <li>
+                    <a href="{{ project.url_for('events') }}" data-cy="scan-checkin">{% trans %}Scan badges to check-in{% endtrans %}</a>
+                  </li>
+                {% endif %}
+                </ul>
+              </div>
+              <hr class="mui-divider">
+              <div>
+                <p class="mui--text-body2 mui--text-light zero-bottom-margin mui--text-uppercase">Downloads</p>
+                <p class="btn-group">
+                  <a href="{{ project.url_for('csv') }}" class="mui-btn mui-btn--small mui-btn--raised mui-btn--dark" target="_blank" aria-label="{% trans %}Download CSV{% endtrans %}" data-action="Download CSV" data-cy="download-csv">{{ faicon(icon='download') }} {% trans %}CSV{% endtrans %}</a>
+                  <a href="{{ project.url_for('json') }}" class="mui-btn mui-btn--small mui-btn--raised mui-btn--dark" target="_blank" aria-label="{% trans %}Download JSON{% endtrans %}" data-action="Download JSON" data-cy="download-json">{{ faicon(icon='download') }} {% trans %}JSON{% endtrans %}</a>
+                  <a href="{{ project.url_for('schedule_json') }}" class="mui-btn mui-btn--small mui-btn--raised mui-btn--dark" target="_blank" aria-label="{% trans %}View schedule JSON{% endtrans %}" data-action="View JSON" data-cy="download-schedule-json">{{ faicon(icon='download') }} {% trans %}Schedule JSON{% endtrans %}</a>
+                </p>
+              </div>
             </div>
           </div>
         </div>
diff --git a/funnel/views/__init__.py b/funnel/views/__init__.py
index 2b2bcf413..9aef7d159 100644
--- a/funnel/views/__init__.py
+++ b/funnel/views/__init__.py
@@ -17,6 +17,7 @@
     index,
     label,
     login,
+    membership,
     mixins,
     organization,
     participant,
diff --git a/funnel/views/auth_client.py b/funnel/views/auth_client.py
index ab8929250..9406dc8a6 100644
--- a/funnel/views/auth_client.py
+++ b/funnel/views/auth_client.py
@@ -55,7 +55,7 @@ def available_client_owners():
     """
     choices = []
     choices.append((current_auth.user.buid, current_auth.user.pickername))
-    for org in current_auth.user.organizations_owned():
+    for org in current_auth.user.organizations_as_owner:
         choices.append((org.buid, org.pickername))
     return choices
 
diff --git a/funnel/views/auth_resource.py b/funnel/views/auth_resource.py
index 35072d42b..e088e6ca3 100644
--- a/funnel/views/auth_resource.py
+++ b/funnel/views/auth_resource.py
@@ -33,8 +33,6 @@
 
 def get_userinfo(user, auth_client, scope=[], user_session=None, get_permissions=True):
 
-    teams = {}
-
     if '*' in scope or 'id' in scope or 'id/*' in scope:
         userinfo = {
             'userid': user.buid,
@@ -67,67 +65,10 @@ def get_userinfo(user, auth_client, scope=[], user_session=None, get_permissions
                     'name': org.name,
                     'title': org.title,
                 }
-                for org in user.organizations_owned()
-            ],
-            'member': [
-                {
-                    'userid': org.buid,
-                    'buid': org.buid,
-                    'uuid': org.uuid,
-                    'name': org.name,
-                    'title': org.title,
-                }
-                for org in user.organizations_memberof()
-            ],
-            'all': [
-                {
-                    'userid': org.buid,
-                    'buid': org.buid,
-                    'uuid': org.uuid,
-                    'name': org.name,
-                    'title': org.title,
-                }
-                for org in user.organizations()
-            ],
+                for org in user.organizations_as_owner
+            ]
         }
 
-    if (
-        '*' in scope
-        or 'organizations' in scope
-        or 'teams' in scope
-        or 'organizations/*' in scope
-        or 'teams/*' in scope
-    ):
-        for team in user.teams:
-            teams[team.buid] = {
-                'userid': team.buid,
-                'buid': team.buid,
-                'uuid': team.uuid,
-                'title': team.title,
-                'org': team.organization.buid,
-                'org_uuid': team.organization.uuid,
-                'owners': team == team.organization.owners,
-                'member': True,
-            }
-
-    if '*' in scope or 'teams' in scope or 'teams/*' in scope:
-        for org in user.organizations_owned():
-            for team in org.teams:
-                if team.buid not in teams:
-                    teams[team.buid] = {
-                        'userid': team.buid,
-                        'buid': team.buid,
-                        'uuid': team.uuid,
-                        'title': team.title,
-                        'org': team.organization.buid,
-                        'org_uuid': team.organization.uuid,
-                        'owners': team == team.organization.owners,
-                        'member': False,
-                    }
-
-    if teams:
-        userinfo['teams'] = list(teams.values())
-
     if get_permissions:
         if auth_client.user:
             perms = AuthClientUserPermissions.get(auth_client=auth_client, user=user)
diff --git a/funnel/views/commentvote.py b/funnel/views/commentvote.py
index 534fd16f3..1df1008b0 100644
--- a/funnel/views/commentvote.py
+++ b/funnel/views/commentvote.py
@@ -82,7 +82,7 @@ def new_comment(self):
                     uuid_b58=commentform.comment_edit_id.data
                 ).first_or_404()
                 if comment:
-                    if comment.current_permissions.edit_comment:
+                    if comment.current_roles.author:
                         comment.message = commentform.message.data
                         comment.edited_at = utcnow()
                         flash(_("Your comment has been edited"), 'info')
@@ -114,7 +114,7 @@ def new_comment(self):
                                             project=self.obj.project.title,
                                             proposal=self.obj.title,
                                         ),
-                                        'template': 'proposal_comment_reply_email.md',
+                                        'template': 'proposal_comment_reply_email.md.jinja2',
                                     }
                                 )
                         else:
@@ -127,7 +127,7 @@ def new_comment(self):
                                             project=self.obj.project.title,
                                             proposal=self.obj.title,
                                         ),
-                                        'template': 'proposal_comment_to_proposer_email.md',
+                                        'template': 'proposal_comment_to_proposer_email.md.jinja2',
                                     }
                                 )
                             if not self.obj.owner == current_auth.user:
@@ -140,7 +140,7 @@ def new_comment(self):
                                             project=self.obj.project.title,
                                             proposal=self.obj.title,
                                         ),
-                                        'template': 'proposal_comment_email.md',
+                                        'template': 'proposal_comment_email.md.jinja2',
                                     }
                                 )
 
@@ -155,7 +155,7 @@ def new_comment(self):
                                     project=self.obj.project.title,
                                     proposal=self.obj.title,
                                 ),
-                                'template': 'proposal_comment_email.md',
+                                'template': 'proposal_comment_email.md.jinja2',
                             }
                         )
                 self.obj.commentset.count += 1
diff --git a/funnel/views/event.py b/funnel/views/event.py
index 54af1b672..0863c0764 100644
--- a/funnel/views/event.py
+++ b/funnel/views/event.py
@@ -7,7 +7,7 @@
 from baseframe import _, forms
 from baseframe.forms import render_delete_sqla, render_form
 from coaster.utils import getbool
-from coaster.views import ModelView, UrlForView, render_with, requires_permission, route
+from coaster.views import ModelView, UrlForView, render_with, requires_roles, route
 
 from .. import app, funnelapp
 from ..forms import EventForm, ParticipantBadgeForm, TicketClientForm, TicketTypeForm
@@ -34,7 +34,7 @@ class ProjectEventView(ProjectViewMixin, UrlForView, ModelView):
     @route('')
     @render_with('event_list.html.jinja2')
     @requires_login
-    @requires_permission('checkin_event')
+    @requires_roles({'concierge', 'usher'})
     def events(self):
         return {
             'project': self.obj,
@@ -44,7 +44,7 @@ def events(self):
 
     @route('json')
     @requires_login
-    @requires_permission('admin')
+    @requires_roles({'editor', 'concierge'})
     def events_json(self):
         return jsonify(
             events=[{'name': e.name, 'title': e.title} for e in self.obj.events]
@@ -52,7 +52,7 @@ def events_json(self):
 
     @route('new', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('new-event')
+    @requires_roles({'concierge'})
     def new_event(self):
         form = EventForm()
         if form.validate_on_submit():
@@ -70,7 +70,7 @@ def new_event(self):
 
     @route('ticket_type/new', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('new-ticket-type')
+    @requires_roles({'concierge'})
     def new_ticket_type(self):
         form = TicketTypeForm()
         form.events.query = self.obj.events
@@ -91,7 +91,7 @@ def new_ticket_type(self):
 
     @route('ticket_client/new', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('new_ticket_client')
+    @requires_roles({'concierge'})
     def new_ticket_client(self):
         form = TicketClientForm()
         if form.validate_on_submit():
@@ -124,7 +124,7 @@ class EventView(EventViewMixin, UrlForView, ModelView):
 
     @route('', methods=['GET', 'POST'])
     @render_with('event.html.jinja2')
-    @requires_permission('checkin_event')
+    @requires_roles({'project_concierge', 'project_usher'})
     def view(self):
         csrf_form = forms.Form()
         if csrf_form.validate_on_submit():
@@ -160,7 +160,7 @@ def view(self):
         }
 
     @route('edit', methods=['GET', 'POST'])
-    @requires_permission('edit_event')
+    @requires_roles({'project_concierge'})
     def edit(self):
         form = EventForm(obj=self.obj, model=Event)
         if form.validate_on_submit():
@@ -171,7 +171,7 @@ def edit(self):
         return render_form(form=form, title=_("Edit event"), submit=_("Save changes"))
 
     @route('delete', methods=['GET', 'POST'])
-    @requires_permission('delete_event')
+    @requires_roles({'project_concierge'})
     def delete(self):
         return render_delete_sqla(
             self.obj,
@@ -188,7 +188,7 @@ def delete(self):
 
     @route('scan_badge')
     @render_with('scan_badge.html.jinja2')
-    @requires_permission('checkin_event')
+    @requires_roles({'project_concierge', 'project_usher'})
     def scan_badge(self):
         return {
             'profile': self.obj.project.profile,
@@ -234,7 +234,7 @@ def after_loader(self):
 
     @route('')
     @render_with('ticket_type.html.jinja2')
-    @requires_permission('view_ticket_type')
+    @requires_roles({'project_concierge'})
     def view(self):
         participants = (
             Participant.query.join(SyncTicket)
@@ -249,7 +249,7 @@ def view(self):
         }
 
     @route('edit', methods=['GET', 'POST'])
-    @requires_permission('edit_event')
+    @requires_roles({'project_concierge'})
     def edit(self):
         form = TicketTypeForm(obj=self.obj, model=TicketType)
         form.events.query = self.obj.project.events
@@ -263,7 +263,7 @@ def edit(self):
         )
 
     @route('delete', methods=['GET', 'POST'])
-    @requires_permission('delete_ticket_type')
+    @requires_roles({'project_concierge'})
     def delete(self):
         return render_delete_sqla(
             self.obj,
@@ -315,7 +315,7 @@ def after_loader(self):
         return super(TicketClientView, self).after_loader()
 
     @route('edit', methods=['GET', 'POST'])
-    @requires_permission('edit_ticket_client')
+    @requires_roles({'project_concierge'})
     def edit(self):
         form = TicketClientForm(obj=self.obj, model=TicketClient)
         if form.validate_on_submit():
@@ -328,7 +328,7 @@ def edit(self):
         )
 
     @route('delete', methods=['GET', 'POST'])
-    @requires_permission('delete_ticket_client')
+    @requires_roles({'project_concierge'})
     def delete(self):
         return render_delete_sqla(
             self.obj,
diff --git a/funnel/views/helpers.py b/funnel/views/helpers.py
index 7dd80be1d..8142890f3 100644
--- a/funnel/views/helpers.py
+++ b/funnel/views/helpers.py
@@ -113,8 +113,6 @@ def _load_user(self):
                 'session', UserSession.authenticate(buid=lastuser_cookie['sessionid'])
             )
             if current_auth.session:
-                current_auth.session.access()
-                db.session.commit()  # Save access
                 add_auth_attribute('user', current_auth.session.user)
             else:
                 # Invalid session. Logout the user
@@ -126,8 +124,6 @@ def _load_user(self):
             add_auth_attribute('user', User.get(buid=lastuser_cookie['userid']))
             if current_auth.is_authenticated:
                 add_auth_attribute('session', UserSession(user=current_auth.user))
-                current_auth.session.access()
-                db.session.commit()  # Save access
 
         if current_auth.session:
             lastuser_cookie['sessionid'] = current_auth.session.buid
@@ -220,6 +216,14 @@ def lastuser_cookie(response):
     Save lastuser login cookie and hasuser JS-readable flag cookie.
     """
     if request_has_auth() and hasattr(current_auth, 'cookie'):
+        if current_auth.session:
+            # Don't commit if the view failed to
+            db.session.rollback()
+            # Update user session access timestamp...
+            current_auth.session.access()
+            # ...and save it
+            db.session.commit()
+
         expires = utcnow() + timedelta(days=365)
         response.set_cookie(
             'lastuser',
diff --git a/funnel/views/index.py b/funnel/views/index.py
index e9e980861..532916118 100644
--- a/funnel/views/index.py
+++ b/funnel/views/index.py
@@ -58,13 +58,17 @@ def home(self):
         )
 
         return {
-            'all_projects': [p.current_access() for p in all_projects],
-            'upcoming_projects': [p.current_access() for p in upcoming_projects],
-            'open_cfp_projects': [p.current_access() for p in open_cfp_projects],
+            'all_projects': [p.access_for(roles={'all'}) for p in all_projects],
+            'upcoming_projects': [
+                p.access_for(roles={'all'}) for p in upcoming_projects
+            ],
+            'open_cfp_projects': [
+                p.access_for(roles={'all'}) for p in open_cfp_projects
+            ],
             'featured_project': (
-                featured_project.current_access() if featured_project else None
+                featured_project.access_for(roles={'all'}) if featured_project else None
             ),
-            'past_projects': [p.current_access() for p in past_projects],
+            'past_projects': [p.access_for(roles={'all'}) for p in past_projects],
             'project_save_form': SavedProjectForm(),
         }
 
diff --git a/funnel/views/label.py b/funnel/views/label.py
index 3b158e065..9397fb050 100644
--- a/funnel/views/label.py
+++ b/funnel/views/label.py
@@ -4,7 +4,7 @@
 from werkzeug.datastructures import MultiDict
 
 from baseframe import _, forms
-from coaster.views import ModelView, UrlForView, render_with, requires_permission, route
+from coaster.views import ModelView, UrlForView, render_with, requires_roles, route
 
 from .. import app, funnelapp
 from ..forms import LabelForm, LabelOptionForm
@@ -22,7 +22,7 @@ class ProjectLabelView(ProjectViewMixin, UrlForView, ModelView):
     @route('', methods=['GET', 'POST'])
     @render_with('labels.html.jinja2')
     @requires_login
-    @requires_permission('edit_project')
+    @requires_roles({'editor'})
     def labels(self):
         form = forms.Form()
         if form.validate_on_submit():
@@ -38,7 +38,7 @@ def labels(self):
     @route('new', methods=['GET', 'POST'])
     @requires_login
     @render_with('labels_form.html.jinja2')
-    @requires_permission('admin')
+    @requires_roles({'editor'})
     def new_label(self):
         form = LabelForm(model=Label, parent=self.obj.parent)
         emptysubform = LabelOptionForm(MultiDict({}))
@@ -126,7 +126,7 @@ def loader(self, profile, project, label):
     @route('edit', methods=['GET', 'POST'])
     @requires_login
     @render_with('labels_form.html.jinja2')
-    @requires_permission('edit_project')
+    @requires_roles({'project_editor'})
     def edit(self):
         emptysubform = LabelOptionForm(MultiDict({}))
         subforms = []
@@ -201,7 +201,7 @@ def edit(self):
 
     @route('archive', methods=['POST'])
     @requires_login
-    @requires_permission('admin')
+    @requires_roles({'project_editor'})
     def archive(self):
         form = forms.Form()
         if form.validate_on_submit():
@@ -214,7 +214,7 @@ def archive(self):
 
     @route('delete', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('admin')
+    @requires_roles({'project_editor'})
     def delete(self):
         if self.obj.has_proposals:
             flash(
diff --git a/funnel/views/membership.py b/funnel/views/membership.py
new file mode 100644
index 000000000..38738d904
--- /dev/null
+++ b/funnel/views/membership.py
@@ -0,0 +1,545 @@
+# -*- coding: utf-8 -*-
+
+from flask import abort, g, redirect, render_template, request
+
+from baseframe import _
+from baseframe.forms import Form, render_form
+from coaster.auth import current_auth
+from coaster.views import (
+    ModelView,
+    UrlChangeCheck,
+    UrlForView,
+    render_with,
+    requires_roles,
+    route,
+)
+
+from .. import app, funnelapp
+from ..forms import (
+    OrganizationMembershipForm,
+    ProjectCrewMembershipForm,
+    ProjectCrewMembershipInviteForm,
+    SavedProjectForm,
+)
+from ..jobs import send_mail_async
+from ..models import (
+    Organization,
+    OrganizationMembership,
+    Profile,
+    Project,
+    ProjectCrewMembership,
+    db,
+)
+from .decorators import legacy_redirect
+from .helpers import requires_login
+from .mixins import ProfileViewMixin, ProjectViewMixin
+
+
+@route('/<profile>/membership')
+class OrganizationMembersView(ProfileViewMixin, UrlForView, ModelView):
+    __decorators__ = [legacy_redirect]
+
+    @route('', methods=['GET', 'POST'])
+    @render_with('organization_membership.html.jinja2')
+    @requires_roles({'admin'})
+    def membership(self):
+        if not self.obj.organization:
+            # User profiles don't have memberships
+            abort(404)
+        return {
+            'profile': self.obj,
+            'memberships': [
+                membership.current_access()
+                for membership in self.obj.organization.active_admin_memberships
+            ],
+        }
+
+    @route('new', methods=['GET', 'POST'])
+    @render_with(json=True)
+    @requires_login
+    @requires_roles({'owner'})
+    def new_member(self):
+        if not self.obj.organization:
+            # User profiles don't have memberships
+            abort(404)
+        membership_form = OrganizationMembershipForm()
+
+        if request.method == 'POST':
+            if membership_form.validate_on_submit():
+                previous_membership = (
+                    OrganizationMembership.query.filter(
+                        OrganizationMembership.is_active
+                    )
+                    .filter_by(
+                        organization=self.obj.organization,
+                        user_id=membership_form.user.data.id,
+                    )
+                    .one_or_none()
+                )
+                if previous_membership is not None:
+                    return (
+                        {
+                            'status': 'error',
+                            'message': _("Member already exists in the profile"),
+                            'errors': membership_form.errors,
+                        },
+                        400,
+                    )
+                else:
+                    new_membership = OrganizationMembership(
+                        organization=self.obj.organization, granted_by=current_auth.user
+                    )
+                    membership_form.populate_obj(new_membership)
+                    db.session.add(new_membership)
+                    db.session.commit()
+
+                    send_mail_async.queue(
+                        sender=None,
+                        to=new_membership.user.email,
+                        body=render_template(
+                            'organization_membership_add_email.md.jinja2',
+                            granted_by=new_membership.granted_by,
+                            profile=self.obj,
+                            organization_membership_link=self.obj.url_for(
+                                'membership', _external=True
+                            ),
+                        ),
+                        subject=_("You have been added to {} as a admin").format(
+                            self.obj.title
+                        ),
+                    )
+                    return {
+                        'status': 'ok',
+                        'message': _("The user has been added as an admin"),
+                        'memberships': [
+                            membership.current_access()
+                            for membership in self.obj.organization.active_admin_memberships
+                        ],
+                    }
+            else:
+                return (
+                    {
+                        'status': 'error',
+                        'message': _("The new member could not be added"),
+                        'errors': membership_form.errors,
+                    },
+                    400,
+                )
+
+        membership_form_html = render_form(
+            form=membership_form,
+            title='',
+            submit=u'Add member',
+            ajax=False,
+            with_chrome=False,
+        )
+        return {'form': membership_form_html}
+
+
+OrganizationMembersView.init_app(app)
+
+
+@route('/<profile>/membership/<membership>')
+class OrganizationMembershipView(UrlChangeCheck, UrlForView, ModelView):
+    model = OrganizationMembership
+    __decorators__ = [legacy_redirect]
+
+    route_model_map = {'profile': 'organization.name', 'membership': 'uuid_b58'}
+
+    def loader(self, profile, membership):
+        obj = (
+            self.model.query.join(Organization, Profile)
+            .filter(
+                OrganizationMembership.uuid_b58 == membership,
+                OrganizationMembership.organization_id == Profile.organization_id,
+                Profile.name == profile,
+            )
+            .first_or_404()
+        )
+        return obj
+
+    def after_loader(self):
+        g.profile = self.obj.organization.profile
+        super().after_loader()
+
+    @route('edit', methods=['GET', 'POST'])
+    @render_with(json=True)
+    @requires_login
+    @requires_roles({'profile_owner'})
+    def edit(self):
+        previous_membership = self.obj
+        membership_form = OrganizationMembershipForm(obj=previous_membership)
+
+        if request.method == 'POST':
+            if membership_form.validate_on_submit():
+                if previous_membership.user == current_auth.user:
+                    return {
+                        'status': 'error',
+                        'message': _("You can't edit your own role"),
+                    }
+
+                previous_membership.replace(
+                    actor=current_auth.user, is_owner=membership_form.is_owner.data
+                )
+                db.session.commit()
+                return {
+                    'status': 'ok',
+                    'memberships': [
+                        membership.current_access()
+                        for membership in self.obj.organization.active_admin_memberships
+                    ],
+                }
+            else:
+                return (
+                    {
+                        'status': 'error',
+                        'message': _("At lease one role must be chosen"),
+                        'errors': membership_form.errors,
+                    },
+                    400,
+                )
+
+        membership_form_html = render_form(
+            form=membership_form,
+            title='',
+            submit=u'Edit membership',
+            ajax=False,
+            with_chrome=False,
+        )
+        return {'form': membership_form_html}
+
+    @route('delete', methods=['GET', 'POST'])
+    @render_with(json=True)
+    @requires_login
+    @requires_roles({'profile_owner'})
+    def delete(self):
+        form = Form()
+        if request.method == 'POST':
+            if form.validate_on_submit():
+                previous_membership = self.obj
+                if previous_membership.user == current_auth.user:
+                    return {
+                        'status': 'error',
+                        'message': _("You can't revoke your own membership"),
+                    }
+                if previous_membership.is_active:
+                    previous_membership.revoke(actor=current_auth.user)
+                    db.session.commit()
+
+                    send_mail_async.queue(
+                        sender=None,
+                        to=previous_membership.user.email,
+                        body=render_template(
+                            'organization_membership_revoke_notification_email.md.jinja2',
+                            revoked_by=current_auth.user,
+                            profile=self.obj.organization.profile,
+                        ),
+                        subject=_("You have been removed from {} as a member").format(
+                            self.obj.organization.title
+                        ),
+                    )
+                return {
+                    'status': 'ok',
+                    'memberships': [
+                        membership.current_access()
+                        for membership in self.obj.organization.active_admin_memberships
+                    ],
+                }
+            else:
+                return ({'status': 'error', 'errors': form.errors}, 400)
+
+        form_html = render_form(
+            form=form,
+            title=_("Delete member"),
+            message=_(
+                "Are you sure you want to remove {member} from {profile} as an admin?"
+            ).format(
+                member=self.obj.user.fullname, profile=self.obj.organization.title
+            ),
+            submit=_("Delete"),
+            ajax=False,
+            with_chrome=False,
+        )
+        return {'form': form_html}
+
+
+OrganizationMembershipView.init_app(app)
+
+
+#: Project Membership views
+
+
+@route('/<profile>/<project>/membership')
+class ProjectMembershipView(ProjectViewMixin, UrlForView, ModelView):
+    __decorators__ = [legacy_redirect]
+
+    @route('', methods=['GET', 'POST'])
+    @render_with('project_membership.html.jinja2')
+    def membership(self):
+        project_save_form = SavedProjectForm()
+        return {
+            'project': self.obj,
+            'memberships': [
+                membership.current_access()
+                for membership in self.obj.active_crew_memberships
+            ],
+            'project_save_form': project_save_form,
+        }
+
+    @route('new', methods=['GET', 'POST'])
+    @render_with(json=True)
+    @requires_login
+    @requires_roles({'profile_admin'})
+    def new_member(self):
+        membership_form = ProjectCrewMembershipForm()
+
+        if request.method == 'POST':
+            if membership_form.validate_on_submit():
+                previous_membership = (
+                    ProjectCrewMembership.query.filter(ProjectCrewMembership.is_active)
+                    .filter_by(project=self.obj, user_id=membership_form.user.data.id)
+                    .one_or_none()
+                )
+                if previous_membership is not None:
+                    return (
+                        {
+                            'status': 'error',
+                            'message': _("Member already exists in the project"),
+                            'errors': membership_form.errors,
+                        },
+                        400,
+                    )
+                else:
+                    new_membership = ProjectCrewMembership(
+                        parent_id=self.obj.id, granted_by=current_auth.user
+                    )
+                    membership_form.populate_obj(new_membership)
+                    db.session.add(new_membership)
+                    db.session.commit()
+
+                    # TODO: Once invite is introduced, send invite email here
+                    send_mail_async.queue(
+                        sender=None,
+                        to=new_membership.user.email,
+                        body=render_template(
+                            'project_membership_add_email.md.jinja2',
+                            # 'project_membership_add_invite_email.md.jinja2',
+                            granted_by=new_membership.granted_by,
+                            project=self.obj,
+                            project_membership_link=self.obj.url_for(
+                                'membership', _external=True
+                            )
+                            # link=new_membership.url_for('invite', _external=True),
+                        ),
+                        subject=_("You have been added to {} as a member").format(
+                            self.obj.title
+                        ),
+                    )
+                    return {
+                        'status': 'ok',
+                        'message': _("The user has been added as a member"),
+                        'memberships': [
+                            membership.current_access()
+                            for membership in self.obj.active_crew_memberships
+                        ],
+                    }
+            else:
+                return (
+                    {
+                        'status': 'error',
+                        'message': _("The new member could not be added"),
+                        'errors': membership_form.errors,
+                    },
+                    400,
+                )
+
+        membership_form_html = render_form(
+            form=membership_form,
+            title='',
+            submit=u'Add member',
+            ajax=False,
+            with_chrome=False,
+        )
+        return {'form': membership_form_html}
+
+
+@route('/<project>/membership', subdomain='<profile>')
+class FunnelProjectMembershipView(ProjectMembershipView):
+    pass
+
+
+ProjectMembershipView.init_app(app)
+FunnelProjectMembershipView.init_app(funnelapp)
+
+
+class ProjectCrewMembershipMixin(object):
+    model = ProjectCrewMembership
+
+    route_model_map = {
+        'profile': 'project.profile.name',
+        'project': 'project.name',
+        'membership': 'uuid_b58',
+    }
+
+    def loader(self, profile, project, membership):
+        obj = (
+            self.model.query.join(Project, Profile)
+            .filter(
+                Profile.name == profile,
+                Project.name == project,
+                ProjectCrewMembership.uuid_b58 == membership,
+            )
+            .first_or_404()
+        )
+        return obj
+
+    def after_loader(self):
+        g.profile = self.obj.project.profile
+        super(ProjectCrewMembershipMixin, self).after_loader()
+
+
+@route('/<profile>/<project>/membership/<membership>/invite')
+class ProjectCrewMembershipInviteView(
+    ProjectCrewMembershipMixin, UrlChangeCheck, UrlForView, ModelView
+):
+    __decorators__ = [legacy_redirect]
+
+    def loader(self, profile, project, membership):
+        obj = super().loader(profile, project, membership)
+        if not obj.is_invite or obj.user != current_auth.user:
+            raise abort(404)
+
+        return obj
+
+    @route('', methods=['GET'])
+    @render_with('membership_invite_actions.html.jinja2')
+    @requires_login
+    def invite(self):
+        return {'membership': self.obj.current_access(), 'form': Form()}
+
+    @route('action', methods=['POST'])
+    @requires_login
+    def invite_action(self):
+        membership_invite_form = ProjectCrewMembershipInviteForm()
+        if membership_invite_form.validate_on_submit():
+            if membership_invite_form.action.data == 'accept':
+                self.obj.accept(actor=current_auth.user)
+            elif membership_invite_form.action.data == 'decline':
+                self.obj.revoke(actor=current_auth.user)
+            db.session.commit()
+        return redirect(self.obj.project.url_for(), 303)
+
+
+@route('/<project>/membership/<membership>/invite', subdomain='<profile>')
+class FunnelProjectCrewMembershipInviteView(ProjectCrewMembershipInviteView):
+    pass
+
+
+ProjectCrewMembershipInviteView.init_app(app)
+FunnelProjectCrewMembershipInviteView.init_app(funnelapp)
+
+
+@route('/<profile>/<project>/membership/<membership>')
+class ProjectCrewMembershipView(
+    ProjectCrewMembershipMixin, UrlChangeCheck, UrlForView, ModelView
+):
+    __decorators__ = [legacy_redirect]
+
+    @route('edit', methods=['GET', 'POST'])
+    @render_with(json=True)
+    @requires_login
+    @requires_roles({'profile_admin'})
+    def edit(self):
+        previous_membership = self.obj
+        membership_form = ProjectCrewMembershipForm(obj=previous_membership)
+
+        if request.method == 'POST':
+            if membership_form.validate_on_submit():
+                previous_membership.replace(
+                    actor=current_auth.user,
+                    is_editor=membership_form.is_editor.data,
+                    is_concierge=membership_form.is_concierge.data,
+                    is_usher=membership_form.is_usher.data,
+                )
+                db.session.commit()
+                return {
+                    'status': 'ok',
+                    'memberships': [
+                        membership.current_access()
+                        for membership in self.obj.project.active_crew_memberships
+                    ],
+                }
+            else:
+                return (
+                    {
+                        'status': 'error',
+                        'message': _("At lease one role must be chosen"),
+                        'errors': membership_form.errors,
+                    },
+                    400,
+                )
+
+        membership_form_html = render_form(
+            form=membership_form,
+            title='',
+            submit=u'Edit membership',
+            ajax=False,
+            with_chrome=False,
+        )
+        return {'form': membership_form_html}
+
+    @route('delete', methods=['GET', 'POST'])
+    @render_with(json=True)
+    @requires_login
+    @requires_roles({'profile_admin'})
+    def delete(self):
+        form = Form()
+        if request.method == 'POST':
+            if form.validate_on_submit():
+                previous_membership = self.obj
+                if previous_membership.is_active:
+                    previous_membership.revoke(actor=current_auth.user)
+                    db.session.commit()
+
+                    send_mail_async.queue(
+                        sender=None,
+                        to=previous_membership.user.email,
+                        body=render_template(
+                            'project_membership_revoke_notification_email.md.jinja2',
+                            revoked_by=current_auth.user,
+                            project=self.obj.project,
+                        ),
+                        subject=_("You have been removed from {} as a member").format(
+                            self.obj.project.title
+                        ),
+                    )
+                return {
+                    'status': 'ok',
+                    'memberships': [
+                        membership.current_access()
+                        for membership in self.obj.project.active_crew_memberships
+                    ],
+                }
+            else:
+                return ({'status': 'error', 'errors': form.errors}, 400)
+
+        form_html = render_form(
+            form=form,
+            title=_("Delete member"),
+            message=_(
+                "Are you sure you want to remove {member} from the project?"
+            ).format(member=self.obj.user.fullname),
+            submit=_("Delete"),
+            ajax=False,
+            with_chrome=False,
+        )
+        return {'form': form_html}
+
+
+@route('/<project>/membership/<membership>', subdomain='<profile>')
+class FunnelProjectCrewMembershipView(ProjectCrewMembershipView):
+    pass
+
+
+ProjectCrewMembershipView.init_app(app)
+FunnelProjectCrewMembershipView.init_app(funnelapp)
diff --git a/funnel/views/organization.py b/funnel/views/organization.py
index 9975b58c5..ea993eb9a 100644
--- a/funnel/views/organization.py
+++ b/funnel/views/organization.py
@@ -20,12 +20,12 @@
 class OrgView(UrlForView, ModelView):
     __decorators__ = [requires_login]
     model = Organization
-    # Map <name> in URL to attribute `name`, for `url_for` automation
-    route_model_map = {'name': 'name'}
+    # Map <organization> in URL to attribute `name`, for `url_for` automation
+    route_model_map = {'organization': 'name'}
 
-    def loader(self, name=None):
-        if name:
-            obj = Organization.get(name=name)
+    def loader(self, organization=None):
+        if organization:
+            obj = Organization.get(name=organization)
             if not obj:
                 abort(404)
             return obj
@@ -34,35 +34,38 @@ def loader(self, name=None):
     def index(self):
         return render_template(
             'organization_index.html.jinja2',
-            organizations=current_auth.user.organizations_owned(),
+            organizations=current_auth.user.organizations_as_owner,
         )
 
-    @route('new', methods=['GET', 'POST'])
+    @route('/new', methods=['GET', 'POST'])
     def new(self):
         form = OrganizationForm()
         if form.validate_on_submit():
-            org = Organization()
+            org = Organization(owner=current_auth.user)
             form.populate_obj(org)
-            if current_auth.user not in org.owners.users:
-                org.owners.users.append(current_auth.user)
             db.session.add(org)
             db.session.commit()
             org_data_changed.send(org, changes=['new'], user=current_auth.user)
-            return render_redirect(org.url_for('view'), code=303)
+            if org.profile.state.PUBLIC:
+                return render_redirect(org.profile.url_for('edit'), code=303)
+            else:
+                return render_redirect(org.url_for(), code=303)
         return render_form(
             form=form,
-            title=_("New organization"),
+            title=_("Create a new organization"),
             formid='org_new',
-            submit=_("Create"),
+            submit=_("Next"),
             ajax=False,
         )
 
-    @route('<name>')
+    # TODO: Deprecated, redirect user to /<profile> instead once teams are removed
+    @route('<organization>')
     @requires_permission('view')
     def view(self):
         return render_template('organization.html.jinja2', org=self.obj)
 
-    @route('<name>/edit', methods=['GET', 'POST'])
+    # TODO: Deprecated, use `/<profile>/edit` instead
+    @route('<organization>/edit', methods=['GET', 'POST'])
     @requires_permission('edit')
     def edit(self):
         form = OrganizationForm(obj=self.obj)
@@ -79,7 +82,8 @@ def edit(self):
             ajax=False,
         )
 
-    @route('<name>/delete', methods=['GET', 'POST'])
+    # The /root URL is intentional as profiles don't have a delete endpoint
+    @route('/<organization>/delete', methods=['GET', 'POST'])
     @requires_permission('delete')
     def delete(self):
         if request.method == 'POST':
@@ -96,13 +100,13 @@ def delete(self):
             next=url_for('OrgView_index'),
         )
 
-    @route('<name>/teams')
+    @route('<organization>/teams')
     @requires_permission('view-teams')
     def teams(self):
         # There's no separate teams page at the moment
         return redirect(self.obj.url_for('view'))
 
-    @route('<name>/teams/new', methods=['GET', 'POST'])
+    @route('<organization>/teams/new', methods=['GET', 'POST'])
     @requires_permission('new-team')
     def new_team(self):
         form = TeamForm()
@@ -121,18 +125,18 @@ def new_team(self):
 OrgView.init_app(app)
 
 
-@route('/organizations/<name>/teams/<buid>')
+@route('/organizations/<organization>/teams/<team>')
 class TeamView(UrlForView, ModelView):
     __decorators__ = [requires_login]
     model = Team
     route_model_map = {  # Map <name> and <buid> in URLs to model attributes, for `url_for` automation
-        'name': 'organization.name',
-        'buid': 'buid',
+        'organization': 'organization.name',
+        'team': 'buid',
     }
 
-    def loader(self, name, buid):
-        obj = Team.get(buid=buid, with_parent=True)
-        if not obj or obj.organization.name != name:
+    def loader(self, organization, team):
+        obj = Team.get(buid=team, with_parent=True)
+        if not obj or obj.organization.name != organization:
             abort(404)
         return obj
 
diff --git a/funnel/views/participant.py b/funnel/views/participant.py
index 1d76d2b84..482fcbbbe 100644
--- a/funnel/views/participant.py
+++ b/funnel/views/participant.py
@@ -4,24 +4,23 @@
 
 from sqlalchemy.exc import IntegrityError
 
-from flask import flash, g, jsonify, redirect, request, url_for
+from flask import abort, flash, g, jsonify, redirect, request, url_for
 
 from baseframe import _, forms
 from baseframe.forms import render_form
-from coaster.auth import current_auth
 from coaster.utils import getbool, uuid_to_base58
 from coaster.views import (
     ClassView,
     ModelView,
     UrlForView,
     render_with,
-    requires_permission,
+    requires_roles,
     route,
 )
 
 from .. import app, funnelapp
 from ..forms import ParticipantForm
-from ..models import Attendee, Event, Participant, Profile, Project, SyncTicket, db
+from ..models import Attendee, Participant, Profile, Project, SyncTicket, db
 from ..utils import format_twitter_handle, make_qrcode, split_name, strip_null
 from ..views.helpers import mask_email
 from .decorators import legacy_redirect
@@ -82,7 +81,7 @@ def participant_checkin_data(participant, project, event):
         'checked_in': participant.checked_in,
         'ticket_type_titles': participant.ticket_type_titles,
     }
-    if 'checkin_event' in current_auth.user.current_permissions:
+    if {'concierge', 'usher'}.intersection(project.current_roles):
         data.update(
             {
                 'badge_url': url_for(
@@ -112,9 +111,20 @@ def participant_checkin_data(participant, project, event):
 class ProjectParticipantView(ProjectViewMixin, UrlForView, ModelView):
     __decorators__ = [legacy_redirect]
 
+    @route('json')
+    @requires_login
+    @requires_roles({'project_concierge', 'project_usher'})
+    def participants_json(self):
+        return jsonify(
+            participants=[
+                participant_data(participant, self.obj.id)
+                for participant in self.obj.participants
+            ]
+        )
+
     @route('new', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('new-participant')
+    @requires_roles({'project_concierge'})
     def new_participant(self):
         form = ParticipantForm(parent=self.obj)
         if form.validate_on_submit():
@@ -169,7 +179,7 @@ def after_loader(self):
         return super(ParticipantView, self).after_loader()
 
     @route('edit', methods=['GET', 'POST'])
-    @requires_permission('edit-participant')
+    @requires_roles({'project_concierge'})
     def edit(self):
         form = ParticipantForm(obj=self.obj, parent=self.obj.project)
         if form.validate_on_submit():
@@ -183,13 +193,13 @@ def edit(self):
 
     @route('badge', methods=['GET'])
     @render_with('badge.html.jinja2')
-    @requires_permission('checkin_event')
+    @requires_roles({'project_concierge', 'project_usher'})
     def badge(self):
         return {'badges': participant_badge_data([self.obj], self.obj.project)}
 
     @route('label_badge', methods=['GET'])
     @render_with('label_badge.html.jinja2')
-    @requires_permission('checkin_event')
+    @requires_roles({'project_concierge', 'project_usher'})
     def label_badge(self):
         return {'badges': participant_badge_data([self.obj], self.obj.project)}
 
@@ -208,7 +218,7 @@ class EventParticipantView(EventViewMixin, UrlForView, ModelView):
     __decorators__ = [legacy_redirect, requires_login]
 
     @route('participants/checkin', methods=['GET', 'POST'])
-    @requires_permission('checkin_event')
+    @requires_roles({'project_concierge', 'project_usher'})
     def checkin(self):
         form = forms.Form()
         if form.validate_on_submit():
@@ -226,7 +236,7 @@ def checkin(self):
 
     @route('participants/json')
     @render_with(json=True)
-    @requires_permission('checkin_event')
+    @requires_roles({'project_concierge', 'project_usher'})
     def participants_json(self):
         checkin_count = 0
         participants = []
@@ -245,7 +255,7 @@ def participants_json(self):
 
     @route('badges')
     @render_with('badge.html.jinja2')
-    @requires_permission('checkin_event')
+    @requires_roles({'project_concierge', 'project_usher'})
     def badges(self):
         badge_printed = getbool(request.args.get('badge_printed', 'f'))
         participants = (
@@ -261,7 +271,7 @@ def badges(self):
 
     @route('label_badges')
     @render_with('label_badge.html.jinja2')
-    @requires_permission('checkin_event')
+    @requires_roles({'project_concierge', 'project_usher'})
     def label_badges(self):
         badge_printed = getbool(request.args.get('badge_printed', 'f'))
         participants = (
@@ -293,30 +303,33 @@ class EventParticipantCheckinView(ClassView):
     @route('checkin', methods=['POST'])
     @render_with(json=True)
     def checkin_puk(self, profile, project, event, puk):
-        checked_in = getbool(request.form.get('checkin', 't'))
-        event = (
-            Event.query.join(Project, Profile)
-            .filter(
-                Profile.name == profile, Project.name == project, Event.name == event
-            )
-            .first_or_404()
-        )
-        participant = (
-            Participant.query.join(Project, Profile)
-            .filter(
-                Profile.name == profile, Project.name == project, Participant.puk == puk
-            )
-            .first_or_404()
-        )
-        attendee = Attendee.get(event, participant.uuid_b58)
-        if not attendee:
-            return (
-                {'error': 'not_found', 'error_description': "Attendee not found"},
-                404,
-            )
-        attendee.checked_in = checked_in
-        db.session.commit()
-        return {'attendee': {'fullname': participant.fullname}}
+        # checked_in = getbool(request.form.get('checkin', 't'))
+        # event = (
+        #     Event.query.join(Project, Profile)
+        #     .filter(
+        #         Profile.name == profile, Project.name == project, Event.name == event
+        #     )
+        #     .first_or_404()
+        # )
+        # participant = (
+        #     Participant.query.join(Project, Profile)
+        #     .filter(
+        #         Profile.name == profile, Project.name == project, Participant.puk == puk
+        #     )
+        #     .first_or_404()
+        # )
+        # attendee = Attendee.get(event, participant.uuid_b58)
+        # if not attendee:
+        #     return (
+        #         {'error': 'not_found', 'error_description': "Attendee not found"},
+        #         404,
+        #     )
+        # attendee.checked_in = checked_in
+        # db.session.commit()
+        # return {'attendee': {'fullname': participant.fullname}}
+
+        # FIXME: This view and badge generation need to be moved to use base58
+        abort(403)
 
 
 EventParticipantCheckinView.init_app(app)
diff --git a/funnel/views/profile.py b/funnel/views/profile.py
index 64f4ac143..23f42443a 100644
--- a/funnel/views/profile.py
+++ b/funnel/views/profile.py
@@ -4,10 +4,11 @@
 
 from baseframe import _
 from baseframe.forms import render_form
-from coaster.views import ModelView, UrlForView, render_with, requires_permission, route
+from coaster.auth import current_auth
+from coaster.views import ModelView, UrlForView, render_with, requires_roles, route
 
 from .. import app, funnelapp
-from ..forms import EditProfileForm, SavedProjectForm
+from ..forms import ProfileForm, SavedProjectForm
 from ..models import Profile, Project, db
 from .decorators import legacy_redirect
 from .mixins import ProfileViewMixin
@@ -19,7 +20,7 @@ class ProfileView(ProfileViewMixin, UrlForView, ModelView):
 
     @route('')
     @render_with('index.html.jinja2', json=True)
-    @requires_permission('view')
+    @requires_roles({'reader', 'admin'})
     def view(self):
         # `order_by(None)` clears any existing order defined in relationship.
         # We're using it because we want to define our own order here.
@@ -56,9 +57,14 @@ def view(self):
             .order_by(Project.schedule_start_at.asc())
             .all()
         )
-        draft_projects = [
-            proj for proj in self.obj.draft_projects if proj.current_roles.admin
-        ]
+
+        # If the user is an admin of this profile, show all draft projects.
+        # Else, only show the drafts they have a crew role in
+        if self.obj.current_roles.admin:
+            draft_projects = self.obj.draft_projects
+        else:
+            draft_projects = self.obj.draft_projects_for(current_auth.user)
+
         return {
             'profile': self.obj.current_access(),
             'past_projects': [p.current_access() for p in past_projects],
@@ -73,9 +79,9 @@ def view(self):
         }
 
     @route('edit', methods=['GET', 'POST'])
-    @requires_permission('edit-profile')
+    @requires_roles({'admin'})
     def edit(self):
-        form = EditProfileForm(obj=self.obj, model=Profile)
+        form = ProfileForm(obj=self.obj, model=Profile)
         if form.validate_on_submit():
             form.populate_obj(self.obj)
             db.session.commit()
@@ -94,7 +100,7 @@ def edit(self):
 class FunnelProfileView(ProfileView):
     @route('')
     @render_with('funnelindex.html.jinja2')
-    @requires_permission('view')
+    @requires_roles({'reader'})
     def view(self):
         return {'profile': self.obj, 'projects': self.obj.listed_projects}
 
diff --git a/funnel/views/project.py b/funnel/views/project.py
index 7d46c6aa6..ded1dec3d 100644
--- a/funnel/views/project.py
+++ b/funnel/views/project.py
@@ -23,7 +23,7 @@
     UrlForView,
     jsonp,
     render_with,
-    requires_permission,
+    requires_roles,
     route,
 )
 
@@ -86,7 +86,7 @@ class ProfileProjectView(ProfileViewMixin, UrlForView, ModelView):
 
     @route('new', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('new_project')
+    @requires_roles({'admin'})
     def new_project(self):
         form = ProjectForm(model=Project, parent=self.obj)
         # Profile URLs:
@@ -102,8 +102,12 @@ def new_project(self):
             form.populate_obj(project)
             db.session.add(project)
             db.session.commit()
+
             flash(_("Your new project has been created"), 'info')
+
+            # tag locations
             tag_locations.queue(project.id)
+
             return redirect(project.url_for(), code=303)
         return render_form(
             form=form,
@@ -128,7 +132,7 @@ class ProjectView(ProjectViewMixin, DraftViewMixin, UrlForView, ModelView):
 
     @route('')
     @render_with('project.html.jinja2')
-    @requires_permission('view')
+    @requires_roles({'reader'})
     def view(self):
         transition_form = ProjectTransitionForm(obj=self.obj)
         schedule_transition_form = ProjectScheduleTransitionForm(obj=self.obj)
@@ -146,7 +150,7 @@ def view(self):
 
     @route('proposals')
     @render_with('proposals.html.jinja2')
-    @requires_permission('view')
+    @requires_roles({'reader'})
     def view_proposals(self):
         cfp_transition_form = ProjectCfpTransitionForm(obj=self.obj)
         project_save_form = SavedProjectForm()
@@ -158,7 +162,6 @@ def view_proposals(self):
 
     @route('videos')
     @render_with('session_videos.html.jinja2')
-    @requires_permission('view')
     def session_videos(self):
         cfp_transition_form = ProjectCfpTransitionForm(obj=self.obj)
         project_save_form = SavedProjectForm()
@@ -170,7 +173,7 @@ def session_videos(self):
 
     @route('json')
     @render_with(json=True)
-    @requires_permission('view')
+    @requires_roles({'reader'})
     def json(self):
         proposals = (
             Proposal.query.filter_by(project=self.obj)
@@ -180,9 +183,6 @@ def json(self):
         return jsonp(
             **{
                 'project': project_data(self.obj),
-                'space': project_data(
-                    self.obj
-                ),  # TODO: Remove when the native app switches over
                 'venues': [venue_data(venue) for venue in self.obj.venues],
                 'rooms': [room_data(room) for room in self.obj.rooms],
                 'proposals': [proposal_data(proposal) for proposal in proposals],
@@ -191,7 +191,7 @@ def json(self):
         )
 
     @route('csv')
-    @requires_permission('view')
+    @requires_roles({'reader'})
     def csv(self):
         proposals = (
             Proposal.query.filter_by(project=self.obj)
@@ -220,7 +220,7 @@ def csv(self):
     @route('edit', methods=['GET', 'POST'])
     @render_with(json=True)
     @requires_login
-    @requires_permission('edit_project')
+    @requires_roles({'editor'})
     def edit(self):
         if request.method == 'GET':
             # find draft if it exists
@@ -272,7 +272,7 @@ def edit(self):
 
     @route('cfp', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('edit_project')
+    @requires_roles({'editor'})
     def cfp(self):
         form = CfpForm(obj=self.obj, model=Project)
         if form.validate_on_submit():
@@ -284,7 +284,7 @@ def cfp(self):
 
     @route('boxoffice_data', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('edit_project')
+    @requires_roles({'concierge'})
     def edit_boxoffice_data(self):
         form = ProjectBoxofficeForm(obj=self.obj, model=Project)
         if form.validate_on_submit():
@@ -298,7 +298,7 @@ def edit_boxoffice_data(self):
 
     @route('transition', methods=['POST'])
     @requires_login
-    @requires_permission('edit_project')
+    @requires_roles({'editor'})
     def transition(self):
         transition_form = ProjectTransitionForm(obj=self.obj)
         if (
@@ -317,7 +317,7 @@ def transition(self):
 
     @route('cfp_transition', methods=['POST'])
     @requires_login
-    @requires_permission('edit_project')
+    @requires_roles({'editor'})
     def cfp_transition(self):
         cfp_transition_form = ProjectCfpTransitionForm(obj=self.obj)
         if (
@@ -336,7 +336,7 @@ def cfp_transition(self):
 
     @route('schedule_transition', methods=['POST'])
     @requires_login
-    @requires_permission('edit_project')
+    @requires_roles({'editor'})
     def schedule_transition(self):
         schedule_transition_form = ProjectScheduleTransitionForm(obj=self.obj)
         if (
@@ -356,6 +356,7 @@ def schedule_transition(self):
 
     @route('rsvp', methods=['POST'])
     @requires_login
+    @requires_roles({'reader'})
     def rsvp_transition(self):
         form = RsvpTransitionForm()
         if form.validate_on_submit():
@@ -371,14 +372,14 @@ def rsvp_transition(self):
     @route('rsvp_list')
     @render_with('project_rsvp_list.html.jinja2')
     @requires_login
-    @requires_permission('edit_project')
+    @requires_roles({'concierge'})
     def rsvp_list(self):
         return {'project': self.obj, 'statuses': RSVP_STATUS}
 
     @route('save', methods=['POST'])
     @render_with(json=True)
     @requires_login
-    @requires_permission('view')
+    @requires_roles({'reader'})
     def save(self):
         form = SavedProjectForm()
         if form.validate_on_submit():
@@ -411,7 +412,7 @@ def save(self):
     @route('admin', methods=['GET', 'POST'])
     @render_with('admin.html.jinja2')
     @requires_login
-    @requires_permission('checkin_event')
+    @requires_roles({'concierge', 'usher'})
     def admin(self):
         csrf_form = forms.Form()
         if csrf_form.validate_on_submit():
@@ -438,7 +439,7 @@ def admin(self):
     @route('settings', methods=['GET', 'POST'])
     @render_with('settings.html.jinja2')
     @requires_login
-    @requires_permission('edit_project')
+    @requires_roles({'editor', 'concierge', 'usher'})
     def settings(self):
         transition_form = ProjectTransitionForm(obj=self.obj)
         schedule_transition_form = ProjectScheduleTransitionForm(obj=self.obj)
diff --git a/funnel/views/proposal.py b/funnel/views/proposal.py
index f5322f20a..112189a87 100644
--- a/funnel/views/proposal.py
+++ b/funnel/views/proposal.py
@@ -15,6 +15,7 @@
     jsonp,
     render_with,
     requires_permission,
+    requires_roles,
     route,
 )
 
@@ -123,12 +124,20 @@ class BaseProjectProposalView(ProjectViewMixin, UrlChangeCheck, UrlForView, Mode
     __decorators__ = [legacy_redirect]
 
     @requires_login
-    @requires_permission('new-proposal')
+    @requires_roles({'reader'})
     def new_proposal(self):
+        # This along with the `reader` role makes it possible for
+        # anyone to submit a proposal if the CFP is open.
+        if not self.obj.cfp_state.OPEN:
+            flash(_("CFP for this project is not open"), 'error')
+            return redirect(self.obj.url_for(), code=303)
+
         form = ProposalForm(model=Proposal, parent=self.obj)
+
         if request.method == 'GET':
             form.email.data = str(current_auth.user.email)
             form.phone.data = str(current_auth.user.phone)
+
         if form.validate_on_submit():
             proposal = Proposal(user=current_auth.user, project=self.obj)
             form.populate_obj(proposal)
@@ -140,6 +149,7 @@ def new_proposal(self):
             db.session.commit()
             flash(_("Your new session has been saved"), 'info')
             return redirect(proposal.url_for(), code=303)
+
         return render_form(
             form=form,
             title=_("Submit a session proposal"),
@@ -292,9 +302,9 @@ def transition(self):
             abort(403)
         return redirect(self.obj.url_for())
 
-    @route('next')  # NOQA: A003
+    @route('next')
     @requires_permission('view')
-    def next(self):
+    def next(self):  # NOQA: A003
         nextobj = self.obj.getnext()
         if nextobj:
             return redirect(nextobj.url_for())
diff --git a/funnel/views/schedule.py b/funnel/views/schedule.py
index f50eb3034..265bb705e 100644
--- a/funnel/views/schedule.py
+++ b/funnel/views/schedule.py
@@ -20,6 +20,7 @@
     render_with,
     requestargs,
     requires_permission,
+    requires_roles,
     route,
 )
 
@@ -177,7 +178,7 @@ class ProjectScheduleView(ProjectViewMixin, UrlForView, ModelView):
 
     @route('')
     @render_with('schedule.html.jinja2')
-    @requires_permission('view')
+    @requires_roles({'reader'})
     def schedule(self):
         schedule_transition_form = ProjectScheduleTransitionForm(obj=self.obj)
         project_save_form = SavedProjectForm()
@@ -228,13 +229,13 @@ def schedule(self):
 
     @route('subscribe')
     @render_with('schedule_subscribe.html.jinja2')
-    @requires_permission('view')
+    @requires_roles({'reader'})
     def subscribe_schedule(self):
         return {'project': self.obj, 'venues': self.obj.venues, 'rooms': self.obj.rooms}
 
     @route('json')
     @cors('*')
-    @requires_permission('view')
+    @requires_roles({'reader'})
     def schedule_json(self):
         scheduled_sessions_list = session_list_data(self.obj.scheduled_sessions)
         return jsonp(
@@ -246,7 +247,7 @@ def schedule_json(self):
         )
 
     @route('ical')
-    @requires_permission('view')
+    @requires_roles({'reader'})
     def schedule_ical(self):
         cal = Calendar()
         cal.add('prodid', "-//HasGeek//NONSGML Funnel//EN")
@@ -274,7 +275,7 @@ def schedule_ical(self):
     @route('edit')
     @render_with('schedule_edit.html.jinja2')
     @requires_login
-    @requires_permission('edit-schedule')
+    @requires_roles({'editor'})
     def edit_schedule(self):
         proposals = {
             'unscheduled': [
@@ -320,7 +321,7 @@ def edit_schedule(self):
     @route('update', methods=['POST'])
     @render_with('schedule_edit.html.jinja2')
     @requires_login
-    @requires_permission('edit-schedule')
+    @requires_roles({'editor'})
     @requestargs(('sessions', json.loads))
     def update_schedule(self, sessions):
         for session in sessions:
diff --git a/funnel/views/session.py b/funnel/views/session.py
index 5c8a8745a..e43295918 100644
--- a/funnel/views/session.py
+++ b/funnel/views/session.py
@@ -10,6 +10,7 @@
     render_with,
     requestargs,
     requires_permission,
+    requires_roles,
     route,
 )
 
@@ -107,7 +108,7 @@ class ProjectSessionView(ProjectViewMixin, UrlForView, ModelView):
 
     @route('new', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('new-session')
+    @requires_roles({'editor'})
     def new_session(self):
         return session_form(self.obj)
 
diff --git a/funnel/views/venue.py b/funnel/views/venue.py
index d3da6f125..fa2b57c47 100644
--- a/funnel/views/venue.py
+++ b/funnel/views/venue.py
@@ -4,7 +4,7 @@
 
 from baseframe import _
 from baseframe.forms import render_delete_sqla, render_form, render_redirect
-from coaster.views import ModelView, UrlForView, render_with, requires_permission, route
+from coaster.views import ModelView, UrlForView, render_with, requires_roles, route
 
 from .. import app, funnelapp
 from ..forms.venue import VenueForm, VenuePrimaryForm, VenueRoomForm
@@ -54,7 +54,7 @@ class ProjectVenueView(ProjectViewMixin, UrlForView, ModelView):
     @route('')
     @render_with('venues.html.jinja2')
     @requires_login
-    @requires_permission('view')
+    @requires_roles({'editor'})
     def venues(self):
         return {
             'project': self.obj,
@@ -64,7 +64,7 @@ def venues(self):
 
     @route('new', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('new-venue')
+    @requires_roles({'editor'})
     def new_venue(self):
         form = VenueForm()
         if form.validate_on_submit():
@@ -88,7 +88,7 @@ def new_venue(self):
     @route('update_venue_settings', methods=['POST'])
     @render_with(json=True)
     @requires_login
-    @requires_permission('edit-venue')
+    @requires_roles({'editor'})
     def update_venue_settings(self):
         if request.json is None:
             return {'error': _("Invalid data")}, 400
@@ -113,7 +113,7 @@ def update_venue_settings(self):
 
     @route('makeprimary', methods=['POST'])
     @requires_login
-    @requires_permission('edit-venue')
+    @requires_roles({'editor'})
     def makeprimary_venue(self):
         form = VenuePrimaryForm(parent=self.obj)
         if form.validate_on_submit():
@@ -144,7 +144,7 @@ class VenueView(VenueViewMixin, UrlForView, ModelView):
 
     @route('edit', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('edit-venue')
+    @requires_roles({'project_editor'})
     def edit(self):
         form = VenueForm(obj=self.obj)
         if form.validate_on_submit():
@@ -163,7 +163,7 @@ def edit(self):
 
     @route('delete', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('delete-venue')
+    @requires_roles({'project_editor'})
     def delete(self):
         if self.obj == self.obj.project.primary_venue:
             flash(_("You can not delete the primary venue"), 'danger')
@@ -183,7 +183,7 @@ def delete(self):
 
     @route('new', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('new-venue')
+    @requires_roles({'project_editor'})
     def new_venueroom(self):
         form = VenueRoomForm()
         if form.validate_on_submit():
@@ -218,7 +218,7 @@ class VenueRoomView(VenueRoomViewMixin, UrlForView, ModelView):
 
     @route('edit', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('edit-venue')
+    @requires_roles({'project_editor'})
     def edit(self):
         form = VenueRoomForm(obj=self.obj)
         if form.validate_on_submit():
@@ -237,7 +237,7 @@ def edit(self):
 
     @route('delete', methods=['GET', 'POST'])
     @requires_login
-    @requires_permission('delete-venue')
+    @requires_roles({'project_editor'})
     def delete(self):
         return render_delete_sqla(
             self.obj,
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_Name.py b/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_Name.py
deleted file mode 100644
index 9a137f81d..000000000
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_Name.py
+++ /dev/null
@@ -1,124 +0,0 @@
-# -*- coding: utf-8 -*-
-
-from sqlalchemy.exc import IntegrityError
-
-from lastuserapp import db
-import lastuser_core.models as models
-
-from .test_db import TestDatabaseFixture
-
-
-class TestName(TestDatabaseFixture):
-    def test_is_available_name(self):
-        """
-        Names are only available if valid and unused
-        """
-        assert models.AccountName.is_available_name('invalid_name') is False
-        # 'piglet' is a name taken in the fixtures
-        assert models.AccountName.get('piglet') is not None
-        assert models.AccountName.is_available_name('piglet') is False
-        assert models.AccountName.is_available_name('peppa') is True
-
-    def test_validate_name_candidate(self):
-        """
-        The name validator returns error codes as expected
-        """
-        assert models.AccountName.validate_name_candidate(None) == 'blank'
-        assert models.AccountName.validate_name_candidate('') == 'blank'
-        assert models.AccountName.validate_name_candidate('invalid_name') == 'invalid'
-        assert models.AccountName.validate_name_candidate('0123456789' * 7) == 'long'
-        assert models.AccountName.validate_name_candidate('0123456789' * 6) is None
-        assert models.AccountName.validate_name_candidate('test-reserved') is None
-        db.session.add(models.AccountName(name='test-reserved', reserved=True))
-        db.session.commit()
-        assert models.AccountName.validate_name_candidate('test-reserved') == 'reserved'
-        assert models.AccountName.validate_name_candidate('piglet') == 'user'
-        assert models.AccountName.validate_name_candidate('batdog') == 'org'
-
-    def test_reserved_name(self):
-        """
-        Names can be reserved, with no user or organization
-        """
-        reserved_name = models.AccountName(name='reserved-name', reserved=True)
-        db.session.add(reserved_name)
-        db.session.commit()
-        retrieved_name = models.AccountName.get('reserved-name')
-        assert retrieved_name is reserved_name
-        assert reserved_name.user is None
-        assert reserved_name.user_id is None
-        assert reserved_name.organization is None
-        assert reserved_name.organization_id is None
-
-    def test_unassigned_name(self):
-        """
-        Names must be assigned to a user or organization if not reserved
-        """
-        unassigned_name = models.AccountName(name='unassigned')
-        db.session.add(unassigned_name)
-        with self.assertRaises(IntegrityError):
-            db.session.commit()
-
-    def test_double_assigned_name(self):
-        """
-        Names cannot be assigned to both a user and an organization simultaneously
-        """
-        user = models.User(fullname="User")
-        org = models.Organization(title="Organization")
-        name = models.AccountName(name='double-assigned', user=user, organization=org)
-        db.session.add_all([user, org, name])
-        with self.assertRaises(IntegrityError):
-            db.session.commit()
-
-    def test_user_two_names(self):
-        """
-        A user cannot have two names
-        """
-        assert self.fixtures.piglet.username == 'piglet'
-        peppa = models.AccountName(name='peppa', user=self.fixtures.piglet)
-        db.session.add(peppa)
-        with self.assertRaises(IntegrityError):
-            db.session.commit()
-
-    def test_org_two_names(self):
-        """
-        An organization cannot have two names
-        """
-        assert self.fixtures.batdog.name == 'batdog'
-        bathound = models.AccountName(
-            name='bathound', organization=self.fixtures.batdog
-        )
-        db.session.add(bathound)
-        with self.assertRaises(IntegrityError):
-            db.session.commit()
-
-    def test_remove_name(self):
-        """
-        Removing a name from a user or org also removes it from the Name table
-        """
-        assert self.fixtures.oakley.username == 'oakley'
-        assert models.AccountName.get('oakley') is not None
-        self.fixtures.oakley.username = None
-        db.session.commit()
-        assert models.AccountName.get('oakley') is None
-
-        assert self.fixtures.specialdachs.name == 'specialdachs'
-        assert models.AccountName.get('specialdachs') is not None
-        self.fixtures.specialdachs.name = None
-        db.session.commit()
-        assert models.AccountName.get('specialdachs') is None
-
-    def test_name_transfer(self):
-        assert self.fixtures.nameless.username is None
-        assert models.AccountName.get('newname') is None
-        newname = models.User(username='newname', fullname="New Name")
-        db.session.add(newname)
-        db.session.commit()
-        assert models.AccountName.get('newname') is not None
-        assert newname.username == 'newname'
-
-        merged = models.merge_users(self.fixtures.nameless, newname)
-        assert merged is not newname
-        assert merged is self.fixtures.nameless
-        assert newname.username is None
-        assert merged.username == 'newname'
-        assert self.fixtures.nameless.username == 'newname'
diff --git a/lastuser_git_merge/tests/unit/lastuser_oauth/__init__.py b/lastuser_git_merge/tests/unit/lastuser_oauth/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/lastuser_git_merge/tests/unit/lastuser_oauth/providers/__init__.py b/lastuser_git_merge/tests/unit/lastuser_oauth/providers/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/migrations/env.py b/migrations/env.py
index 0859f88fe..d0429c364 100644
--- a/migrations/env.py
+++ b/migrations/env.py
@@ -81,7 +81,7 @@ def process_revision_directives(context, revision, directives):
         connection=connection,
         target_metadata=target_metadata,
         process_revision_directives=process_revision_directives,
-        **current_app.extensions['migrate'].configure_args
+        **current_app.extensions['migrate'].configure_args,
     )
 
     try:
diff --git a/migrations/versions/71fcac85957c_populate_membership_models.py b/migrations/versions/71fcac85957c_populate_membership_models.py
new file mode 100644
index 000000000..92ecaa563
--- /dev/null
+++ b/migrations/versions/71fcac85957c_populate_membership_models.py
@@ -0,0 +1,239 @@
+# -*- coding: utf-8 -*-
+"""Populate membership models
+
+Revision ID: 71fcac85957c
+Revises: 8829241430b6
+Create Date: 2020-04-21 02:01:52.012077
+
+"""
+
+from uuid import uuid4
+
+from alembic import op
+from sqlalchemy.dialects import postgresql
+from sqlalchemy.sql import column, table
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision = '71fcac85957c'
+down_revision = '8829241430b6'
+branch_labels = None
+depends_on = None
+
+
+class MEMBERSHIP_RECORD_TYPE:  # NOQA: N801
+    INVITE = 0
+    ACCEPT = 1
+    DIRECT_ADD = 2
+    AMEND = 3
+
+
+organization = table(
+    'organization',
+    column('id', sa.Integer()),
+    column('owners_id', sa.Integer()),
+    column('uuid', postgresql.UUID(as_uuid=True)),
+)
+
+profile = table(
+    'profile',
+    column('id', sa.Integer()),
+    column('uuid', postgresql.UUID(as_uuid=True)),
+    column('user_id', sa.Integer()),
+    column('organization_id', sa.Integer()),
+    column('admin_team_id', sa.Integer()),
+)
+
+project = table(
+    'project',
+    column('id', sa.Integer()),
+    column('profile_id', sa.Integer()),
+    column('checkin_team_id', sa.Integer()),
+    column('review_team_id', sa.Integer()),
+    column('admin_team_id', sa.Integer()),
+)
+
+team = table(
+    'team',
+    column('id', sa.Integer()),
+    column('organization_id', sa.Integer()),
+    column('created_at', sa.TIMESTAMP(timezone=True)),
+)
+
+team_membership = table(
+    'team_membership',
+    column('user_id', sa.Integer()),
+    column('team_id', sa.Integer()),
+    column('created_at', sa.TIMESTAMP(timezone=True)),
+)
+
+proposal = table(
+    'proposal',
+    column('id', sa.Integer()),
+    column('created_at', sa.TIMESTAMP(timezone=True)),
+    column('user_id', sa.Integer()),
+    column('speaker_id', sa.Integer()),
+)
+
+project_crew_membership = table(
+    'project_crew_membership',
+    column('id', postgresql.UUID(as_uuid=True)),
+    column('project_id', sa.Integer()),
+    column('user_id', sa.Integer()),
+    column('is_editor', sa.Boolean()),
+    column('is_concierge', sa.Boolean()),
+    column('is_usher', sa.Boolean()),
+    column('granted_by_id', sa.Integer()),
+    column('revoked_by_id', sa.Integer()),
+    column('granted_at', sa.TIMESTAMP(timezone=True)),
+    column('record_type', sa.Integer()),
+    column('created_at', sa.TIMESTAMP(timezone=True)),
+    column('updated_at', sa.TIMESTAMP(timezone=True)),
+    column('revoked_at', sa.TIMESTAMP(timezone=True)),
+)
+
+organization_membership = table(
+    'organization_membership',
+    column('id', postgresql.UUID(as_uuid=True)),
+    column('organization_id', sa.Integer()),
+    column('user_id', sa.Integer()),
+    column('is_owner', sa.Boolean()),
+    column('granted_by_id', sa.Integer()),
+    column('revoked_by_id', sa.Integer()),
+    column('granted_at', sa.TIMESTAMP(timezone=True)),
+    column('record_type', sa.Integer()),
+    column('created_at', sa.TIMESTAMP(timezone=True)),
+    column('updated_at', sa.TIMESTAMP(timezone=True)),
+    column('revoked_at', sa.TIMESTAMP(timezone=True)),
+)
+
+proposal_membership = table(
+    'proposal_membership',
+    column('id', postgresql.UUID(as_uuid=True)),
+    column('proposal_id', sa.Integer()),
+    column('user_id', sa.Integer()),
+    column('is_reviewer', sa.Boolean()),
+    column('is_speaker', sa.Boolean()),
+    column('granted_by_id', sa.Integer()),
+    column('revoked_by_id', sa.Integer()),
+    column('granted_at', sa.TIMESTAMP(timezone=True)),
+    column('record_type', sa.Integer()),
+    column('created_at', sa.TIMESTAMP(timezone=True)),
+    column('updated_at', sa.TIMESTAMP(timezone=True)),
+    column('revoked_at', sa.TIMESTAMP(timezone=True)),
+)
+
+
+def upgrade():
+    conn = op.get_bind()
+
+    #: Create OrganizationMembership record for owners team members of Organization
+    orgs = conn.execute(sa.select([organization.c.id, organization.c.owners_id]))
+    for org_id, org_owners_id in orgs:
+        owner_team_users = conn.execute(
+            sa.select([team_membership.c.user_id, team_membership.c.created_at])
+            .where(team.c.id == org_owners_id)
+            .where(team_membership.c.team_id == team.c.id)
+        )
+        owners_dict = {user_id: created_at for user_id, created_at in owner_team_users}
+        admin_team_users = conn.execute(
+            sa.select([team_membership.c.user_id, team_membership.c.created_at])
+            .where(profile.c.organization_id == org_id)
+            .where(team_membership.c.team_id == profile.c.admin_team_id)
+        )
+        admins_dict = {user_id: created_at for user_id, created_at in admin_team_users}
+        all_profile_admins = set(owners_dict.keys()) | set(admins_dict.keys())
+
+        for user_id in all_profile_admins:
+            conn.execute(
+                organization_membership.insert().values(
+                    {
+                        'id': uuid4(),
+                        'organization_id': org_id,
+                        'user_id': user_id,
+                        'is_owner': user_id in owners_dict,
+                        'granted_by_id': None,
+                        'granted_at': (
+                            owners_dict[user_id]
+                            if user_id in owners_dict
+                            else admins_dict[user_id]
+                        ),
+                        'record_type': MEMBERSHIP_RECORD_TYPE.DIRECT_ADD,
+                        'created_at': sa.func.now(),
+                        'updated_at': sa.func.now(),
+                    }
+                )
+            )
+
+    #: Create ProjectCrewMembership record for admin_team,
+    # checkin_team and review_team members of Projects
+    projects = conn.execute(
+        sa.select(
+            [
+                project.c.id,
+                project.c.checkin_team_id,
+                project.c.review_team_id,
+                project.c.admin_team_id,
+            ]
+        )
+    )
+    for project_id, checkin_team_id, review_team_id, admin_team_id in projects:
+        checkin_team_users = conn.execute(
+            sa.select([team_membership.c.user_id, team_membership.c.created_at]).where(
+                team_membership.c.team_id == checkin_team_id
+            )
+        )
+        checkin_dict = {
+            user_id: created_at for user_id, created_at in checkin_team_users
+        }
+        review_team_users = conn.execute(
+            sa.select([team_membership.c.user_id, team_membership.c.created_at]).where(
+                team_membership.c.team_id == review_team_id
+            )
+        )
+        review_dict = {user_id: created_at for user_id, created_at in review_team_users}
+        admin_team_users = conn.execute(
+            sa.select([team_membership.c.user_id, team_membership.c.created_at]).where(
+                team_membership.c.team_id == admin_team_id
+            )
+        )
+        admin_dict = {user_id: created_at for user_id, created_at in admin_team_users}
+        all_users = (
+            set(checkin_dict.keys()) | set(review_dict.keys()) | set(admin_dict.keys())
+        )
+
+        for user_id in all_users:
+            conn.execute(
+                project_crew_membership.insert().values(
+                    {
+                        'id': uuid4(),
+                        'project_id': project_id,
+                        'user_id': user_id,
+                        #: admin and review team members become editors
+                        'is_editor': user_id in admin_dict or user_id in review_dict,
+                        #: admin team members become concierge
+                        'is_concierge': user_id in admin_dict,
+                        #: checkin team members become ushers
+                        'is_usher': user_id in checkin_dict,
+                        'granted_by_id': None,
+                        'granted_at': (
+                            admin_dict[user_id]
+                            if user_id in admin_dict
+                            else checkin_dict[user_id]
+                            if user_id in checkin_dict
+                            else review_dict[user_id]
+                            if user_id in review_dict
+                            else sa.func.now()
+                        ),
+                        'record_type': MEMBERSHIP_RECORD_TYPE.DIRECT_ADD,
+                        'created_at': sa.func.now(),
+                        'updated_at': sa.func.now(),
+                    }
+                )
+            )
+
+
+def downgrade():
+    conn = op.get_bind()
+    conn.execute(project_crew_membership.delete())
+    conn.execute(organization_membership.delete())
diff --git a/migrations/versions/8829241430b6_add_membership_models.py b/migrations/versions/8829241430b6_add_membership_models.py
new file mode 100644
index 000000000..9e7acf4f7
--- /dev/null
+++ b/migrations/versions/8829241430b6_add_membership_models.py
@@ -0,0 +1,154 @@
+# -*- coding: utf-8 -*-
+"""Add membership models
+
+Revision ID: 8829241430b6
+Revises: 41b3af7e4449
+Create Date: 2020-04-21 01:40:41.323838
+
+"""
+
+from alembic import op
+from sqlalchemy.dialects import postgresql
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision = '8829241430b6'
+down_revision = '41b3af7e4449'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.create_table(
+        'organization_membership',
+        sa.Column('id', postgresql.UUID(), nullable=False),
+        sa.Column('created_at', sa.TIMESTAMP(timezone=True), nullable=False),
+        sa.Column('updated_at', sa.TIMESTAMP(timezone=True), nullable=False),
+        sa.Column('granted_at', sa.TIMESTAMP(timezone=True), nullable=False),
+        sa.Column('revoked_at', sa.TIMESTAMP(timezone=True), nullable=True),
+        sa.Column('record_type', sa.Integer(), nullable=False),
+        sa.Column('organization_id', sa.Integer(), nullable=False),
+        sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('is_owner', sa.Boolean(), nullable=False),
+        sa.Column('revoked_by_id', sa.Integer(), nullable=True),
+        sa.Column('granted_by_id', sa.Integer(), nullable=True),
+        sa.ForeignKeyConstraint(['granted_by_id'], ['user.id'], ondelete='SET NULL'),
+        sa.ForeignKeyConstraint(
+            ['organization_id'], ['organization.id'], ondelete='CASCADE'
+        ),
+        sa.ForeignKeyConstraint(['user_id'], ['user.id'], ondelete='CASCADE'),
+        sa.ForeignKeyConstraint(['revoked_by_id'], ['user.id'], ondelete='SET NULL'),
+        sa.PrimaryKeyConstraint('id'),
+    )
+    op.create_index(
+        op.f('ix_organization_membership_user_id'),
+        'organization_membership',
+        ['user_id'],
+        unique=False,
+    )
+    op.create_index(
+        op.f('ix_organization_membership_active'),
+        'organization_membership',
+        ['organization_id', 'user_id'],
+        unique=True,
+        postgresql_where=sa.text('revoked_at IS NULL'),
+    )
+    op.create_table(
+        'project_crew_membership',
+        sa.Column('id', postgresql.UUID(), nullable=False),
+        sa.Column('created_at', sa.TIMESTAMP(timezone=True), nullable=False),
+        sa.Column('updated_at', sa.TIMESTAMP(timezone=True), nullable=False),
+        sa.Column('granted_at', sa.TIMESTAMP(timezone=True), nullable=False),
+        sa.Column('revoked_at', sa.TIMESTAMP(timezone=True), nullable=True),
+        sa.Column('record_type', sa.Integer(), nullable=False),
+        sa.Column('project_id', sa.Integer(), nullable=False),
+        sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('is_editor', sa.Boolean(), nullable=False),
+        sa.Column('is_concierge', sa.Boolean(), nullable=False),
+        sa.Column('is_usher', sa.Boolean(), nullable=False),
+        sa.Column('revoked_by_id', sa.Integer(), nullable=True),
+        sa.Column('granted_by_id', sa.Integer(), nullable=True),
+        sa.CheckConstraint(
+            'is_editor IS TRUE OR is_concierge IS TRUE OR is_usher IS TRUE',
+            name='project_crew_membership_has_role',
+        ),
+        sa.ForeignKeyConstraint(['project_id'], ['project.id'], ondelete='CASCADE'),
+        sa.ForeignKeyConstraint(['user_id'], ['user.id'], ondelete='CASCADE'),
+        sa.ForeignKeyConstraint(['granted_by_id'], ['user.id'], ondelete='SET NULL'),
+        sa.ForeignKeyConstraint(['revoked_by_id'], ['user.id'], ondelete='SET NULL'),
+        sa.PrimaryKeyConstraint('id'),
+    )
+    op.create_index(
+        op.f('ix_project_crew_membership_user_id'),
+        'project_crew_membership',
+        ['user_id'],
+        unique=False,
+    )
+    op.create_index(
+        op.f('ix_project_crew_membership_active'),
+        'project_crew_membership',
+        ['project_id', 'user_id'],
+        unique=True,
+        postgresql_where=sa.text('revoked_at IS NULL'),
+    )
+    op.create_table(
+        'proposal_membership',
+        sa.Column('granted_at', sa.TIMESTAMP(timezone=True), nullable=False),
+        sa.Column('revoked_at', sa.TIMESTAMP(timezone=True), nullable=True),
+        sa.Column('record_type', sa.Integer(), nullable=False),
+        sa.Column('proposal_id', sa.Integer(), nullable=False),
+        sa.Column('is_reviewer', sa.Boolean(), nullable=False),
+        sa.Column('is_presenter', sa.Boolean(), nullable=False),
+        sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('revoked_by_id', sa.Integer(), nullable=True),
+        sa.Column('granted_by_id', sa.Integer(), nullable=True),
+        sa.Column('id', postgresql.UUID(), nullable=False),
+        sa.Column('created_at', sa.TIMESTAMP(timezone=True), nullable=False),
+        sa.Column('updated_at', sa.TIMESTAMP(timezone=True), nullable=False),
+        sa.CheckConstraint(
+            'is_reviewer IS true OR is_presenter IS true',
+            name='proposal_membership_has_role',
+        ),
+        sa.ForeignKeyConstraint(['granted_by_id'], ['user.id'], ondelete='SET NULL'),
+        sa.ForeignKeyConstraint(['proposal_id'], ['proposal.id'], ondelete='CASCADE'),
+        sa.ForeignKeyConstraint(['revoked_by_id'], ['user.id'], ondelete='SET NULL'),
+        sa.ForeignKeyConstraint(['user_id'], ['user.id'], ondelete='CASCADE'),
+        sa.PrimaryKeyConstraint('id'),
+    )
+    op.create_index(
+        op.f('ix_proposal_membership_user_id'),
+        'proposal_membership',
+        ['user_id'],
+        unique=False,
+    )
+    op.create_index(
+        op.f('ix_proposal_membership_active'),
+        'proposal_membership',
+        ['proposal_id', 'user_id'],
+        unique=True,
+        postgresql_where=sa.text('revoked_at IS NULL'),
+    )
+
+
+def downgrade():
+    op.drop_index(
+        op.f('ix_proposal_membership_active'), table_name='proposal_membership'
+    )
+    op.drop_index(
+        op.f('ix_proposal_membership_user_id'), table_name='proposal_membership'
+    )
+    op.drop_table('proposal_membership')
+    op.drop_index(
+        op.f('ix_project_crew_membership_active'), table_name='project_crew_membership'
+    )
+    op.drop_index(
+        op.f('ix_project_crew_membership_user_id'), table_name='project_crew_membership'
+    )
+    op.drop_table('project_crew_membership')
+    op.drop_index(
+        op.f('ix_organization_membership_active'), table_name='organization_membership'
+    )
+    op.drop_index(
+        op.f('ix_organization_membership_user_id'), table_name='organization_membership'
+    )
+    op.drop_table('organization_membership')
diff --git a/requirements.txt b/requirements.txt
index d4ff1d57b..e3efb0842 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -33,4 +33,4 @@ six==1.14.0
 SQLAlchemy>=0.9
 sqlalchemy_utils==0.36.1
 tweepy==3.8.0
-ua-parser==0.8.0
+user-agents==2.1
diff --git a/tests/conftest.py b/tests/conftest.py
index 9dcc24371..c7270b318 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -4,7 +4,16 @@
 import pytest
 
 from funnel import app
-from funnel.models import Label, Organization, Project, Proposal, Team, User, db
+from funnel.models import (
+    Label,
+    Organization,
+    OrganizationMembership,
+    Project,
+    Proposal,
+    Team,
+    User,
+    db,
+)
 
 
 @app.route('/usertest')
@@ -16,9 +25,21 @@ def user_test():
 
 TEST_DATA = {
     'users': {
-        'testuser': {'username': "testuser", 'email': "testuser@example.com"},
-        'testuser2': {'username': "testuser2", 'email': "testuser2@example.com"},
-        'testuser3': {'username': "testuser3", 'email': "testuser3@example.com"},
+        'testuser': {
+            'name': "testuser",
+            'fullname': "Test User",
+            'email': "testuser@example.com",
+        },
+        'test-org-owner': {
+            'name': "test-org-owner",
+            'fullname': "Test User 2",
+            'email': "testorgowner@example.com",
+        },
+        'test-org-admin': {
+            'name': "test-org-admin",
+            'fullname': "Test User 3",
+            'email': "testorgadmin@example.com",
+        },
     }
 }
 # Scope: session
@@ -63,25 +84,30 @@ def new_user(test_db):
 
 
 @pytest.fixture(scope='session')
-def new_user2(test_db):
-    user = User(**TEST_DATA['users']['testuser2'])
+def new_user_owner(test_db):
+    user = User(**TEST_DATA['users']['test-org-owner'])
     test_db.session.add(user)
     test_db.session.commit()
     return user
 
 
 @pytest.fixture(scope='session')
-def new_user3(test_db):
-    user = User(**TEST_DATA['users']['testuser3'])
+def new_user_admin(test_db):
+    user = User(**TEST_DATA['users']['test-org-admin'])
     test_db.session.add(user)
     test_db.session.commit()
     return user
 
 
 @pytest.fixture(scope='session')
-def new_organization(test_db):
-    org = Organization(title="Test org", name='test-org', is_public_profile=True)
+def new_organization(test_db, new_user_owner, new_user_admin):
+    org = Organization(
+        owner=new_user_owner, title="Test org", name='test-org', is_public_profile=True
+    )
     test_db.session.add(org)
+
+    admin_membership = OrganizationMembership(organization=org, user=new_user_admin)
+    test_db.session.add(admin_membership)
     test_db.session.commit()
     return org
 
@@ -110,6 +136,21 @@ def new_project(test_db, new_organization, new_user):
     return project
 
 
+@pytest.fixture(scope='session')
+def new_project2(test_db, new_organization, new_user_owner):
+    project = Project(
+        profile=new_organization.profile,
+        user=new_user_owner,
+        title="Test Project",
+        tagline="Test tagline",
+        description="Test description",
+        location="Test Location",
+    )
+    test_db.session.add(project)
+    test_db.session.commit()
+    return project
+
+
 @pytest.fixture(scope='class')
 def new_main_label(test_db, new_project):
     main_label_a = Label(
diff --git a/tests/e2e/frontend_tests_initdb.py b/tests/e2e/frontend_tests_initdb.py
index 48989c9c2..1fdd60ec9 100644
--- a/tests/e2e/frontend_tests_initdb.py
+++ b/tests/e2e/frontend_tests_initdb.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 from funnel import app
-from funnel.models import Organization, User, db
+from funnel.models import User, db
 
 
 def init_models():
@@ -11,12 +11,15 @@ def init_models():
         user_admin._set_password('cypress129')
         user = User(username='member-user', fullname='member-user')
         user._set_password('cypress341')
-        db.session.add_all([user_admin, user])
-        test_org = Organization(name="testcypressproject", title="testcypressproject")
-        test_org.owners.users.append(user_admin)
-        db.session.add(test_org)
-        test_org.profile.admin_team = test_org.owners
-        test_org.profile.make_public()
+        profile_owner = User(username='profile-cypress', fullname='profile-cypress')
+        profile_owner._set_password('cypress123')
+        concierge = User(username='concierge-user', fullname='concierge-user')
+        concierge._set_password('cypress341')
+        usher = User(username='usher-cypress', fullname='usher-cypress')
+        usher._set_password('cypress566')
+        editor = User(username='editor-cypress', fullname='editor-cypress')
+        editor._set_password('cypress900')
+        db.session.add_all([user_admin, user, profile_owner, concierge, usher, editor])
         db.session.commit()
 
 
diff --git a/tests/integration/views/test_label_views.py b/tests/integration/views/test_label_views.py
index a6f538474..761d8e7e3 100644
--- a/tests/integration/views/test_label_views.py
+++ b/tests/integration/views/test_label_views.py
@@ -10,7 +10,7 @@ def test_manage_labels_view(
         self, test_client, test_db, new_project, new_user, new_label, new_main_label
     ):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             resp = c.get(new_project.url_for('labels'))
             assert "Manage labels" in resp.data.decode('utf-8')
@@ -21,7 +21,7 @@ def test_labels_order_view(
         self, test_client, test_db, new_project, new_user, new_label, new_main_label
     ):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             assert new_label.seq == 1
             assert new_main_label.seq == 2
@@ -45,7 +45,7 @@ def test_labels_order_view(
 
     def test_new_label_view(self, test_client, test_db, new_project, new_user):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             resp = c.post(
                 new_project.url_for('new_label'),
@@ -81,7 +81,7 @@ def test_edit_option_label_view(
         self, test_client, test_db, new_project, new_user, new_main_label
     ):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             opt_label = new_main_label.options[0]
             resp = c.post(opt_label.url_for('edit'), follow_redirects=True)
@@ -92,7 +92,7 @@ def test_edit_main_label_view(
         self, test_client, test_db, new_project, new_user, new_main_label
     ):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             assert new_main_label.title == "Parent Label A"
             assert new_main_label.name == "parent-label-a"
@@ -139,7 +139,7 @@ def test_edit_main_label_view(
 class TestLabelArchiveView(object):
     def test_label_archive(self, test_client, test_db, new_user, new_label):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             resp = c.post(new_label.url_for('archive'), follow_redirects=True)
             label = Label.query.get(new_label.id)
@@ -157,7 +157,7 @@ class TestLabelDeleteView(object):
 
     def test_main_label_delete(self, test_client, test_db, new_user, new_label):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             resp = c.post(new_label.url_for('delete'), follow_redirects=True)
             assert "Manage labels" in resp.data.decode('utf-8')
@@ -167,7 +167,7 @@ def test_main_label_delete(self, test_client, test_db, new_user, new_label):
 
     def test_option_label_delete(self, test_client, test_db, new_user, new_main_label):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             label_a1 = new_main_label.options[0]
             label_a2 = new_main_label.options[1]
@@ -193,7 +193,7 @@ def test_optioned_label_delete(
         self, test_client, test_db, new_user, new_main_label
     ):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             label_a1 = new_main_label.options[0]
             label_a2 = new_main_label.options[1]
diff --git a/tests/integration/views/test_membership_views.py b/tests/integration/views/test_membership_views.py
new file mode 100644
index 000000000..8c5ac9e69
--- /dev/null
+++ b/tests/integration/views/test_membership_views.py
@@ -0,0 +1,109 @@
+# -*- coding: utf-8 -*-
+
+
+from funnel.models import ProjectCrewMembership
+
+
+class TestMembershipViews(object):
+    def test_get_existing_members(
+        self, test_client, test_db, new_user, new_user_owner, new_project, new_project2
+    ):
+        with test_client.session_transaction() as session:
+            session['userid'] = new_user.userid
+        with test_client as c:
+            # new_user is new_project.profile's admin, so the page should load
+            resp = c.get(new_project.url_for('membership'))
+            assert resp.status_code == 200
+            assert u"Add a member" in resp.data.decode('utf-8')
+
+            # but new_user is not new_project2.profile's admin, so it should not load
+            resp2 = c.get(new_project2.url_for('membership'))
+            assert resp2.status_code == 403  # forbidden
+            assert u"Add new member" not in resp2.data.decode('utf-8')
+            assert u"Access denied" in resp2.data.decode('utf-8')
+
+            # let's add a member to the project
+            new_membership = ProjectCrewMembership(
+                parent=new_project, user=new_user, is_editor=True
+            )
+            test_db.session.add(new_membership)
+            test_db.session.commit()
+
+            # now the new member should show up in membership page
+            resp3 = c.get(new_project.url_for('membership'))
+            assert resp3.status_code == 200
+            assert new_user.fullname in resp3.data.decode('utf-8')
+            # membership record's edit/delete urls are in the page
+            assert new_membership.url_for('edit') in resp3.data.decode('utf-8')
+            assert new_membership.url_for('delete') in resp3.data.decode('utf-8')
+
+            # let's revoke the membership
+            new_membership.revoke(actor=new_user_owner)
+            test_db.session.commit()
+            # now the member should not show up in the page
+            resp3 = c.get(new_project.url_for('membership'))
+            assert resp3.status_code == 200
+            assert new_user.fullname not in resp3.data.decode('utf-8')
+
+    def test_create_new_member(self, test_client, new_user, new_project):
+        with test_client.session_transaction() as session:
+            session['userid'] = new_user.userid
+        with test_client as c:
+            # GET request should return a form
+            resp = c.get(new_project.url_for('new_member'))
+            assert resp.status_code == 200
+            assert 'form' in resp.json
+            assert new_project.url_for('new_member') in resp.json.get('form')
+
+            # FIXME: Can't test new member creation because SelectUserField validation fails
+
+    def test_edit_member(
+        self, test_client, test_db, new_user, new_user_owner, new_project
+    ):
+        with test_client.session_transaction() as session:
+            session['userid'] = new_user.userid
+        with test_client as c:
+            # let's add a member to the project
+            new_membership = ProjectCrewMembership(
+                parent=new_project, user=new_user_owner, is_editor=True
+            )
+            test_db.session.add(new_membership)
+            test_db.session.commit()
+
+            # GET request should return a form
+            resp = c.get(new_membership.url_for('edit'))
+            assert resp.status_code == 200
+            assert 'form' in resp.json
+            assert new_membership.url_for('edit') in resp.json.get('form')
+
+            new_membership.revoke(actor=new_user)
+            test_db.session.commit()
+
+            # FIXME: Can't test member edit because SelectUserField validation fails
+
+    def test_delete_new_member(
+        self, test_client, test_db, new_user, new_user_owner, new_project
+    ):
+        with test_client.session_transaction() as session:
+            session['userid'] = new_user.userid
+        with test_client as c:
+            new_membership = ProjectCrewMembership(
+                parent=new_project, user=new_user_owner, is_editor=True
+            )
+            test_db.session.add(new_membership)
+            test_db.session.commit()
+
+            assert new_membership in new_project.active_crew_memberships
+
+            # GET request should return a form
+            resp = c.get(new_membership.url_for('delete'))
+            assert resp.status_code == 200
+            assert 'form' in resp.json
+            assert new_membership.url_for('delete') in resp.json.get('form')
+
+            resp2 = c.post(new_membership.url_for('delete'))
+            assert resp2.status_code == 200
+            assert resp2.json.get('status') == 'ok'
+
+            assert new_membership.is_active is not True
+            assert new_membership not in new_project.active_crew_memberships
diff --git a/tests/integration/views/test_project_views.py b/tests/integration/views/test_project_views.py
index cd1112f13..9c7613548 100644
--- a/tests/integration/views/test_project_views.py
+++ b/tests/integration/views/test_project_views.py
@@ -9,7 +9,7 @@
 class TestProjectViews(object):
     def test_new_label_get(self, test_client, new_user, new_project):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             resp = c.get(new_project.url_for('new_label'))
             label_form = LabelForm(parent=new_project, model=Label)
@@ -18,7 +18,7 @@ def test_new_label_get(self, test_client, new_user, new_project):
 
     def test_new_label_without_option(self, test_client, new_user, new_project):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             resp_post = c.post(
                 new_project.url_for('new_label'),
@@ -40,7 +40,7 @@ def test_new_label_without_option(self, test_client, new_user, new_project):
 
     def test_new_label_with_option(self, test_client, new_user, new_project):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user.userid
         with test_client as c:
             resp_post = c.post(
                 new_project.url_for('new_label'),
diff --git a/tests/unit/__init__.py b/tests/unit/__init__.py
index 1acf6feff..e69de29bb 100644
--- a/tests/unit/__init__.py
+++ b/tests/unit/__init__.py
@@ -1,4 +0,0 @@
-# -*- coding: utf-8 -*-
-# flake8: noqa
-
-from .models import *
diff --git a/lastuser_git_merge/tests/__init__.py b/tests/unit/lastuser_core/__init__.py
similarity index 100%
rename from lastuser_git_merge/tests/__init__.py
rename to tests/unit/lastuser_core/__init__.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/fixtures.py b/tests/unit/lastuser_core/fixtures.py
similarity index 89%
rename from lastuser_git_merge/tests/unit/lastuser_core/fixtures.py
rename to tests/unit/lastuser_core/fixtures.py
index 04c118fd0..33779cb20 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/fixtures.py
+++ b/tests/unit/lastuser_core/fixtures.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 
-from lastuser_core.models import (
+from funnel import db
+from funnel.models import (
     AuthClient,
     AuthClientTeamPermissions,
     AuthClientUserPermissions,
@@ -11,7 +12,6 @@
     UserEmail,
     UserPhone,
 )
-from lastuserapp import db
 
 
 class Fixtures(object):
@@ -40,13 +40,13 @@ def make_fixtures(self):
         self.crusoe_email = crusoe_email
         self.crusoe_phone = crusoe_phone
 
-        batdog = Organization(name='batdog', title='Batdog')
-        batdog.owners.users.append(crusoe)
+        batdog = Organization(name='batdog', title='Batdog', owner=crusoe)
         db.session.add(batdog)
         self.batdog = batdog
 
-        specialdachs = Organization(name="specialdachs", title="Special Dachshunds")
-        specialdachs.owners.users.append(oakley)
+        specialdachs = Organization(
+            name="specialdachs", title="Special Dachshunds", owner=oakley
+        )
         db.session.add(specialdachs)
         self.specialdachs = specialdachs
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_db.py b/tests/unit/lastuser_core/test_db.py
similarity index 95%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_db.py
rename to tests/unit/lastuser_core/test_db.py
index 6123959e0..d64041a93 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_db.py
+++ b/tests/unit/lastuser_core/test_db.py
@@ -2,7 +2,7 @@
 
 import unittest
 
-from lastuserapp import app, db
+from funnel import app, db
 
 from .fixtures import Fixtures
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_AuthCode.py b/tests/unit/lastuser_core/test_model_client_AuthCode.py
similarity index 96%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_client_AuthCode.py
rename to tests/unit/lastuser_core/test_model_client_AuthCode.py
index 8ced58059..9b283fc7b 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_AuthCode.py
+++ b/tests/unit/lastuser_core/test_model_client_AuthCode.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_AuthToken.py b/tests/unit/lastuser_core/test_model_client_AuthToken.py
similarity index 98%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_client_AuthToken.py
rename to tests/unit/lastuser_core/test_model_client_AuthToken.py
index 1aea9ba2a..3680ab822 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_AuthToken.py
+++ b/tests/unit/lastuser_core/test_model_client_AuthToken.py
@@ -3,8 +3,8 @@
 from datetime import timedelta
 
 from coaster.utils import buid, utcnow
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
@@ -118,8 +118,9 @@ def test_authtoken_all(self):
         greyback_token = models.AuthToken(
             auth_client=auth_client, user=greyback, scope=['id']
         )
-        pottermania = models.Organization(name='pottermania', title='Pottermania')
-        pottermania.owners.users.append(hermione)
+        pottermania = models.Organization(
+            name='pottermania', title='Pottermania', owner=hermione
+        )
         db.session.add_all(
             [
                 myrtle,
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_Client.py b/tests/unit/lastuser_core/test_model_client_Client.py
similarity index 98%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_client_Client.py
rename to tests/unit/lastuser_core/test_model_client_Client.py
index 5dc5475e7..4af872bf9 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_Client.py
+++ b/tests/unit/lastuser_core/test_model_client_Client.py
@@ -1,8 +1,8 @@
 # -*- coding: utf-8 -*-
 
 from coaster.utils import utcnow
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_ClientCredential.py b/tests/unit/lastuser_core/test_model_client_ClientCredential.py
similarity index 97%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_client_ClientCredential.py
rename to tests/unit/lastuser_core/test_model_client_ClientCredential.py
index d1f594017..c90690cc9 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_ClientCredential.py
+++ b/tests/unit/lastuser_core/test_model_client_ClientCredential.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 
-import lastuser_core.models as models
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_ScopeMixin.py b/tests/unit/lastuser_core/test_model_client_ScopeMixin.py
similarity index 97%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_client_ScopeMixin.py
rename to tests/unit/lastuser_core/test_model_client_ScopeMixin.py
index 49133f70c..acd320481 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_ScopeMixin.py
+++ b/tests/unit/lastuser_core/test_model_client_ScopeMixin.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_TeamClientPermissions.py b/tests/unit/lastuser_core/test_model_client_TeamClientPermissions.py
similarity index 96%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_client_TeamClientPermissions.py
rename to tests/unit/lastuser_core/test_model_client_TeamClientPermissions.py
index 65bad13b3..9aaeeb504 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_TeamClientPermissions.py
+++ b/tests/unit/lastuser_core/test_model_client_TeamClientPermissions.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 
-import lastuser_core.models as models
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_UserClientPermissions.py b/tests/unit/lastuser_core/test_model_client_UserClientPermissions.py
similarity index 98%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_client_UserClientPermissions.py
rename to tests/unit/lastuser_core/test_model_client_UserClientPermissions.py
index 85c5bafc8..7338bac08 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_client_UserClientPermissions.py
+++ b/tests/unit/lastuser_core/test_model_client_UserClientPermissions.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/tests/unit/lastuser_core/test_model_user_Name.py b/tests/unit/lastuser_core/test_model_user_Name.py
new file mode 100644
index 000000000..f87ddcc47
--- /dev/null
+++ b/tests/unit/lastuser_core/test_model_user_Name.py
@@ -0,0 +1,134 @@
+# -*- coding: utf-8 -*-
+
+from sqlalchemy.exc import IntegrityError
+
+from funnel import db
+import funnel.models as models
+
+from .test_db import TestDatabaseFixture
+
+
+class TestName(TestDatabaseFixture):
+    def test_is_available_name(self):
+        """
+        Names are only available if valid and unused
+        """
+        assert models.Profile.is_available_name('invalid_name') is False
+        # 'piglet' is a name taken in the fixtures
+        piglet = models.User.get(username='piglet')
+        assert piglet.profile.state.AUTO
+        # even though profile is not public, username is still unavailable
+        assert models.Profile.is_available_name('piglet') is False
+        # any other random usernames are available
+        assert models.Profile.is_available_name('peppa') is True
+
+    def test_validate_name_candidate(self):
+        """
+        The name validator returns error codes as expected
+        """
+        assert models.Profile.validate_name_candidate(None) == 'blank'
+        assert models.Profile.validate_name_candidate('') == 'blank'
+        assert models.Profile.validate_name_candidate('invalid_name') == 'invalid'
+        assert models.Profile.validate_name_candidate('0123456789' * 7) == 'long'
+        assert models.Profile.validate_name_candidate('0123456789' * 6) is None
+        assert models.Profile.validate_name_candidate('test-reserved') is None
+        db.session.add(models.Profile(name='test-reserved', reserved=True))
+        db.session.commit()
+        assert models.Profile.validate_name_candidate('test-reserved') == 'reserved'
+        assert models.Profile.validate_name_candidate('piglet') == 'user'
+        assert models.Profile.validate_name_candidate('batdog') == 'org'
+
+    def test_reserved_name(self):
+        """
+        Names can be reserved, with no user or organization
+        """
+        reserved_name = models.Profile(name='reserved-name', reserved=True)
+        db.session.add(reserved_name)
+        db.session.commit()
+        # Profile.get() no longer works for non-public profiles
+        retrieved_name = models.Profile.query.filter_by(name='reserved-name').first()
+        assert retrieved_name is reserved_name
+        assert reserved_name.user is None
+        assert reserved_name.user_id is None
+        assert reserved_name.organization is None
+        assert reserved_name.organization_id is None
+
+    def test_unassigned_name(self):
+        """
+        Names must be assigned to a user or organization if not reserved
+        """
+        unassigned_name = models.Profile(name='unassigned')
+        db.session.add(unassigned_name)
+        with self.assertRaises(IntegrityError):
+            db.session.commit()
+
+    def test_double_assigned_name(self):
+        """
+        Names cannot be assigned to both a user and an organization simultaneously
+        """
+        user = models.User(username="double-assigned", fullname="User")
+        org = models.Organization(
+            name="double-assigned", title="Organization", owner=self.fixtures.piglet
+        )
+        db.session.add_all([user, org])
+        with self.assertRaises(IntegrityError):
+            db.session.commit()
+
+    def test_user_two_names(self):
+        """
+        A user cannot have two names
+        """
+        piglet = self.fixtures.piglet
+        db.session.add(piglet)
+        assert piglet.profile.name == 'piglet'
+        peppa = models.Profile(name='peppa', user=piglet)
+        db.session.add(peppa)
+        with self.assertRaises(IntegrityError):
+            db.session.commit()
+
+    def test_org_two_names(self):
+        """
+        An organization cannot have two names
+        """
+        batdog = self.fixtures.batdog
+        db.session.add(batdog)
+        assert batdog.profile.name == 'batdog'
+        bathound = models.Profile(name='bathound', organization=batdog)
+        db.session.add(bathound)
+        with self.assertRaises(IntegrityError):
+            db.session.commit()
+
+    def test_remove_name(self):
+        """
+        Removing a name from a user or org also removes it from the Name table
+        """
+        # assert self.fixtures.oakley.username == 'oakley'
+        # assert models.Profile.get('oakley') is not None
+        # self.fixtures.oakley.username = None
+        # db.session.commit()
+        # assert models.Profile.get('oakley') is None
+
+        # assert self.fixtures.specialdachs.name == 'specialdachs'
+        # assert models.Profile.get('specialdachs') is not None
+        # self.fixtures.specialdachs.name = None
+        # db.session.commit()
+        # assert models.Profile.get('specialdachs') is None
+
+        # FIXME: Need clarity on how this works
+
+    def test_name_transfer(self):
+        assert self.fixtures.nameless.username is None
+        assert models.User.get(username='newname') is None
+        newname = models.User(name='newname', fullname="New Name")
+        db.session.add(newname)
+        db.session.commit()
+        assert models.User.get(username='newname') is not None
+        assert newname.username == 'newname'
+
+        with self.app.test_request_context('/'):
+            merged = models.merge_users(self.fixtures.nameless, newname)
+
+            assert merged is not newname
+            assert merged is self.fixtures.nameless
+            assert newname.status == models.USER_STATUS.MERGED
+            assert merged.username == 'newname'
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_Organization.py b/tests/unit/lastuser_core/test_model_user_Organization.py
similarity index 82%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_user_Organization.py
rename to tests/unit/lastuser_core/test_model_user_Organization.py
index 2b1dc3938..63e76ce2d 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_Organization.py
+++ b/tests/unit/lastuser_core/test_model_user_Organization.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
@@ -13,7 +13,9 @@ def test_organization_init(self):
         """
         name = 'dachshunited'
         title = 'Dachshunds United'
-        dachsunited = models.Organization(name=name, title=title)
+        dachsunited = models.Organization(
+            name=name, title=title, owner=self.fixtures.crusoe
+        )
         self.assertIsInstance(dachsunited, models.Organization)
         self.assertEqual(dachsunited.title, title)
         self.assertEqual(dachsunited.name, name)
@@ -25,12 +27,14 @@ def test_organization_make_teams(self):
         crusoe = self.fixtures.crusoe
         name = 'dachshunited'
         title = 'Dachshunds United'
-        dachsunited = models.Organization(name=name, title=title)
+        dachsunited = models.Organization(name=name, title=title, owner=crusoe)
+
+        # INVALID: Organization can no longer be created without an owner.
         # Scenario: before any users were added to the organization
-        self.assertIsInstance(dachsunited.owners, models.Team)
-        self.assertEqual(dachsunited.owners.users.all(), [])
+        # self.assertIsInstance(dachsunited.owners, models.Team)
+        # self.assertEqual(dachsunited.owners.users.all(), [])
+
         # After adding users to the organization
-        dachsunited.owners.users.append(crusoe)
         self.assertEqual(dachsunited.owners.users.all(), [crusoe])
         assert title == dachsunited.owners.organization.title
 
@@ -40,7 +44,7 @@ def test_organization_get(self):
         """
         name = 'spew'
         title = 'S.P.E.W'
-        spew = models.Organization(name=name, title=title)
+        spew = models.Organization(name=name, title=title, owner=self.fixtures.crusoe)
         db.session.add(spew)
         db.session.commit()
         # scenario 1: when neither name or buid are passed
@@ -64,8 +68,8 @@ def test_organization_all(self):
         """
         Test for getting all organizations (takes buid or name optionally)
         """
-        gryffindor = models.Organization(name='gryffindor')
-        ravenclaw = models.Organization(name='ravenclaw')
+        gryffindor = models.Organization(name='gryffindor', owner=self.fixtures.crusoe)
+        ravenclaw = models.Organization(name='ravenclaw', owner=self.fixtures.crusoe)
         db.session.add(gryffindor)
         db.session.add(ravenclaw)
         db.session.commit()
@@ -95,7 +99,9 @@ def test_organization_valid_name(self):
         """
         Test for checking if given is a valid organization name
         """
-        hufflepuffs = models.Organization(name='hufflepuffs', title='Huffle Puffs')
+        hufflepuffs = models.Organization(
+            name='hufflepuffs', title='Huffle Puffs', owner=self.fixtures.crusoe
+        )
         self.assertFalse(hufflepuffs.is_valid_name('#$%#%___2836273untitled'))
         self.assertTrue(hufflepuffs.is_valid_name('hufflepuffs'))
 
@@ -104,14 +110,14 @@ def test_organization_pickername(self):
         Test for checking Organization's pickername
         """
         # scenario 1: when only title is given
-        abnegation = models.Organization(title="Abnegation")
+        abnegation = models.Organization(title="Abnegation", owner=self.fixtures.crusoe)
         self.assertIsInstance(abnegation.pickername, str)
         self.assertEqual(abnegation.pickername, abnegation.title)
 
         # scenario 2: when both name and title are given
         name = 'cullens'
         title = 'The Cullens'
-        olympic_coven = models.Organization(title=title)
+        olympic_coven = models.Organization(title=title, owner=self.fixtures.crusoe)
         olympic_coven.name = name
         db.session.add(olympic_coven)
         db.session.commit()
@@ -126,7 +132,7 @@ def test_organization_name(self):
         Test for retrieving Organization's name
         name is a setter method
         """
-        insurgent = models.Organization(title='Insurgent')
+        insurgent = models.Organization(title='Insurgent', owner=self.fixtures.crusoe)
         with self.assertRaises(ValueError):
             insurgent.name = '35453496*%&^$%^'
         with self.assertRaises(ValueError):
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_PasswordResetRequest.py b/tests/unit/lastuser_core/test_model_user_PasswordResetRequest.py
similarity index 93%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_user_PasswordResetRequest.py
rename to tests/unit/lastuser_core/test_model_user_PasswordResetRequest.py
index ada6666e0..d096cfbbb 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_PasswordResetRequest.py
+++ b/tests/unit/lastuser_core/test_model_user_PasswordResetRequest.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 
-import lastuser_core.models as models
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_Team.py b/tests/unit/lastuser_core/test_model_user_Team.py
similarity index 97%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_user_Team.py
rename to tests/unit/lastuser_core/test_model_user_Team.py
index 146d9a779..71b3b55e1 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_Team.py
+++ b/tests/unit/lastuser_core/test_model_user_Team.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 
-import lastuser_core.models as models
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_User.py b/tests/unit/lastuser_core/test_model_user_User.py
similarity index 87%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_user_User.py
rename to tests/unit/lastuser_core/test_model_user_User.py
index ea50d02a9..5cb81011d 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_User.py
+++ b/tests/unit/lastuser_core/test_model_user_User.py
@@ -5,8 +5,8 @@
 from sqlalchemy.orm.collections import InstrumentedList
 
 from coaster.utils import utcnow
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
@@ -99,19 +99,8 @@ def test_user_organization_owned(self):
         """
         crusoe = self.fixtures.crusoe
         batdog = self.fixtures.batdog
-        result = crusoe.organizations_owned()
-        self.assertIsInstance(result, list)
-        self.assertCountEqual(result, [batdog])
-
-    def test_user_organizations_owned_ids(self):
-        """
-        Test for verifying ids of organizations owned by a user
-        """
-        crusoe = self.fixtures.crusoe
-        batdog = self.fixtures.batdog
-        result = crusoe.organizations_owned_ids()
-        self.assertIsInstance(result, list)
-        self.assertCountEqual(result, [batdog.id])
+        result = crusoe.organizations_as_owner
+        self.assertCountEqual(list(result), [batdog])
 
     def test_user_organizations(self):
         """
@@ -122,24 +111,13 @@ def test_user_organizations(self):
         self.assertIsInstance(result, list)
         self.assertCountEqual(result, [self.fixtures.specialdachs])
 
-    def test_user_organizations_memberof(self):
+    def test_user_organizations_as_admin(self):
         """
-        Test for verifying list of organizations this user is member of
+        Test for verifying list of organizations this user is an admin of
         """
         oakley = self.fixtures.oakley
-        result = oakley.organizations_memberof()
-        self.assertIsInstance(result, list)
-        self.assertCountEqual(result, [self.fixtures.specialdachs])
-
-    def test_user_organizations_memberof_ids(self):
-        """
-        Test for verifying ids of organizations where a user is a *only* a member
-        """
-        oakley = self.fixtures.oakley
-        self.fixtures.batdog
-        result = oakley.organizations_memberof_ids()
-        self.assertIsInstance(result, list)
-        self.assertCountEqual(result, [self.fixtures.specialdachs.id])
+        result = oakley.organizations_as_admin
+        self.assertCountEqual(list(result), [self.fixtures.specialdachs])
 
     def test_user_username(self):
         """
@@ -253,39 +231,6 @@ def test_user_password(self):
         self.assertTrue(result.password_is('12thprecinct'))
         self.assertGreater(result.pw_expires_at, result.pw_set_at)
 
-    def test_user_clients_with_team_access(self):
-        """
-        Test to verify a list of clients with access to the user's organizations' teams.
-        """
-        aro = models.User(username='aro')
-        jane = models.User(username='jane')
-        marcus = models.User(username='marcus')
-        volturi = models.Organization(name='volturi', title='The Volturi')
-        volturi.owners.users.append(aro)
-        volterra = models.AuthClient(
-            title='Volterra, Tuscany',
-            organization=volturi,
-            confidential=True,
-            website='volterra.co.it',
-        )
-        enforcers = models.AuthClient(
-            title='Volturi\'s thugs',
-            organization=volturi,
-            confidential=True,
-            website='volturi.co.it',
-        )
-        volterra_auth_token = models.AuthToken(
-            auth_client=volterra, user=aro, scope='teams', validity=0
-        )
-        volterra_auth_token
-        enforcers_auth_token = models.AuthToken(
-            auth_client=enforcers, user=marcus, scope='teams', validity=0
-        )
-        enforcers_auth_token
-        self.assertCountEqual(aro.clients_with_team_access(), [volterra])
-        self.assertCountEqual(marcus.clients_with_team_access(), [enforcers])
-        self.assertEqual(jane.clients_with_team_access(), [])
-
     def test_user_password_has_expired(self):
         """
         Test to check if password for a user has expired
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserEmail.py b/tests/unit/lastuser_core/test_model_user_UserEmail.py
similarity index 98%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserEmail.py
rename to tests/unit/lastuser_core/test_model_user_UserEmail.py
index 4c9408ff0..a72d3bdba 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserEmail.py
+++ b/tests/unit/lastuser_core/test_model_user_UserEmail.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
 from coaster.utils import md5sum
-import lastuser_core.models as models
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserEmailClaim.py b/tests/unit/lastuser_core/test_model_user_UserEmailClaim.py
similarity index 97%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserEmailClaim.py
rename to tests/unit/lastuser_core/test_model_user_UserEmailClaim.py
index e30190389..cef082e48 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserEmailClaim.py
+++ b/tests/unit/lastuser_core/test_model_user_UserEmailClaim.py
@@ -1,8 +1,8 @@
 # -*- coding: utf-8 -*-
 
 from coaster.utils import md5sum
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserExternalId.py b/tests/unit/lastuser_core/test_model_user_UserExternalId.py
similarity index 97%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserExternalId.py
rename to tests/unit/lastuser_core/test_model_user_UserExternalId.py
index 24cdfa80d..421a174df 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserExternalId.py
+++ b/tests/unit/lastuser_core/test_model_user_UserExternalId.py
@@ -3,8 +3,8 @@
 
 from os import environ
 
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserOldId.py b/tests/unit/lastuser_core/test_model_user_UserOldId.py
similarity index 93%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserOldId.py
rename to tests/unit/lastuser_core/test_model_user_UserOldId.py
index 7a2306926..0e099f45c 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserOldId.py
+++ b/tests/unit/lastuser_core/test_model_user_UserOldId.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserPhone.py b/tests/unit/lastuser_core/test_model_user_UserPhone.py
similarity index 96%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserPhone.py
rename to tests/unit/lastuser_core/test_model_user_UserPhone.py
index 4663fe00d..f3688adec 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserPhone.py
+++ b/tests/unit/lastuser_core/test_model_user_UserPhone.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 
-import lastuser_core.models as models
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserPhoneClaim.py b/tests/unit/lastuser_core/test_model_user_UserPhoneClaim.py
similarity index 97%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserPhoneClaim.py
rename to tests/unit/lastuser_core/test_model_user_UserPhoneClaim.py
index 69847f255..8b13e1033 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_model_user_UserPhoneClaim.py
+++ b/tests/unit/lastuser_core/test_model_user_UserPhoneClaim.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_models.py b/tests/unit/lastuser_core/test_models.py
similarity index 98%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_models.py
rename to tests/unit/lastuser_core/test_models.py
index 38886386c..cf82cc342 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_models.py
+++ b/tests/unit/lastuser_core/test_models.py
@@ -1,8 +1,8 @@
 # -*- coding: utf-8 -*-
 from os import environ
 
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_registry_LoginProvider.py b/tests/unit/lastuser_core/test_registry_LoginProvider.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_registry_LoginProvider.py
rename to tests/unit/lastuser_core/test_registry_LoginProvider.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_registry_LoginProviderRegistry.py b/tests/unit/lastuser_core/test_registry_LoginProviderRegistry.py
similarity index 91%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_registry_LoginProviderRegistry.py
rename to tests/unit/lastuser_core/test_registry_LoginProviderRegistry.py
index 9d0668eba..34b0c6f07 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_registry_LoginProviderRegistry.py
+++ b/tests/unit/lastuser_core/test_registry_LoginProviderRegistry.py
@@ -2,9 +2,8 @@
 
 import unittest
 
-from lastuser_core import login_registry
-from lastuser_core.registry import LoginProviderRegistry
-from lastuserapp import app
+from funnel import app
+from funnel.registry import LoginProviderRegistry, login_registry
 
 
 class TestLoginProviderRegistry(unittest.TestCase):
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_registry_ResourceRegistry.py b/tests/unit/lastuser_core/test_registry_ResourceRegistry.py
similarity index 91%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_registry_ResourceRegistry.py
rename to tests/unit/lastuser_core/test_registry_ResourceRegistry.py
index 341c79fc0..130d7dec3 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_registry_ResourceRegistry.py
+++ b/tests/unit/lastuser_core/test_registry_ResourceRegistry.py
@@ -2,7 +2,7 @@
 
 from collections import OrderedDict
 
-from lastuser_core import registry
+from funnel import registry
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_session_UserSession.py b/tests/unit/lastuser_core/test_session_UserSession.py
similarity index 98%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_session_UserSession.py
rename to tests/unit/lastuser_core/test_session_UserSession.py
index 31103600d..6ad8956ec 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_session_UserSession.py
+++ b/tests/unit/lastuser_core/test_session_UserSession.py
@@ -1,8 +1,8 @@
 # -*- coding: utf-8 -*-
 
 from coaster.utils import buid, utcnow
-from lastuserapp import db
-import lastuser_core.models as models
+from funnel import db
+import funnel.models as models
 
 from .test_db import TestDatabaseFixture
 
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_signals.py b/tests/unit/lastuser_core/test_signals.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_signals.py
rename to tests/unit/lastuser_core/test_signals.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/test_utils.py b/tests/unit/lastuser_core/test_utils.py
similarity index 93%
rename from lastuser_git_merge/tests/unit/lastuser_core/test_utils.py
rename to tests/unit/lastuser_core/test_utils.py
index 15984a3db..f5be3b987 100644
--- a/lastuser_git_merge/tests/unit/lastuser_core/test_utils.py
+++ b/tests/unit/lastuser_core/test_utils.py
@@ -2,7 +2,7 @@
 
 import unittest
 
-from lastuser_core.utils import make_redirect_url, mask_email, strip_phone, valid_phone
+from funnel.utils import make_redirect_url, mask_email, strip_phone, valid_phone
 
 
 class FlaskrTestCase(unittest.TestCase):
diff --git a/lastuser_git_merge/tests/unit/__init__.py b/tests/unit/lastuser_oauth/__init__.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/__init__.py
rename to tests/unit/lastuser_oauth/__init__.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_oauth/fixtures.py b/tests/unit/lastuser_oauth/fixtures.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/lastuser_oauth/fixtures.py
rename to tests/unit/lastuser_oauth/fixtures.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_core/__init__.py b/tests/unit/lastuser_oauth/providers/__init__.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/lastuser_core/__init__.py
rename to tests/unit/lastuser_oauth/providers/__init__.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_oauth/providers/fixtures.py b/tests/unit/lastuser_oauth/providers/fixtures.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/lastuser_oauth/providers/fixtures.py
rename to tests/unit/lastuser_oauth/providers/fixtures.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_oauth/providers/test_db.py b/tests/unit/lastuser_oauth/providers/test_db.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/lastuser_oauth/providers/test_db.py
rename to tests/unit/lastuser_oauth/providers/test_db.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_oauth/providers/test_providers_GithubProvider.py b/tests/unit/lastuser_oauth/providers/test_providers_GithubProvider.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/lastuser_oauth/providers/test_providers_GithubProvider.py
rename to tests/unit/lastuser_oauth/providers/test_providers_GithubProvider.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_oauth/providers/test_providers_GoogleProvider.py b/tests/unit/lastuser_oauth/providers/test_providers_GoogleProvider.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/lastuser_oauth/providers/test_providers_GoogleProvider.py
rename to tests/unit/lastuser_oauth/providers/test_providers_GoogleProvider.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_oauth/providers/test_providers_LinkedIn.py b/tests/unit/lastuser_oauth/providers/test_providers_LinkedIn.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/lastuser_oauth/providers/test_providers_LinkedIn.py
rename to tests/unit/lastuser_oauth/providers/test_providers_LinkedIn.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_oauth/providers/test_providers_TwitterProvider.py b/tests/unit/lastuser_oauth/providers/test_providers_TwitterProvider.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/lastuser_oauth/providers/test_providers_TwitterProvider.py
rename to tests/unit/lastuser_oauth/providers/test_providers_TwitterProvider.py
diff --git a/lastuser_git_merge/tests/unit/lastuser_oauth/test_db.py b/tests/unit/lastuser_oauth/test_db.py
similarity index 100%
rename from lastuser_git_merge/tests/unit/lastuser_oauth/test_db.py
rename to tests/unit/lastuser_oauth/test_db.py
diff --git a/tests/unit/models/test_membership.py b/tests/unit/models/test_membership.py
new file mode 100644
index 000000000..7a9759238
--- /dev/null
+++ b/tests/unit/models/test_membership.py
@@ -0,0 +1,120 @@
+# -*- coding: utf-8 -*-
+
+from sqlalchemy.exc import IntegrityError
+
+import pytest
+
+from baseframe import __
+from coaster.utils import LabeledEnum
+from funnel.models import ProjectCrewMembership
+
+
+class MEMBERSHIP_RECORD_TYPE(LabeledEnum):  # NOQA: N801
+    INVITE = (0, 'invite', __("Invite"))
+    ACCEPT = (1, 'accept', __("Accept"))
+    DIRECT_ADD = (2, 'direct_add', __("Direct add"))
+    AMEND = (3, 'amend', __("Amend"))
+
+
+class TestMembership(object):
+    def test_crew_membership(self, test_db, new_user, new_user_owner, new_project):
+        # new_user is profile admin
+        assert 'admin' in new_project.profile.roles_for(new_user_owner)
+        # but it has no role in the project yet
+        assert 'editor' not in new_project.roles_for(new_user_owner)._contents()
+        assert 'concierge' not in new_project.roles_for(new_user_owner)
+        assert 'usher' not in new_project.roles_for(new_user_owner)
+
+        previous_membership = (
+            ProjectCrewMembership.query.filter(ProjectCrewMembership.is_active)
+            .filter_by(project=new_project, user=new_user_owner)
+            .first()
+        )
+        assert previous_membership is None
+
+        new_membership = ProjectCrewMembership(
+            parent=new_project, user=new_user_owner, is_editor=True
+        )
+        test_db.session.add(new_membership)
+        test_db.session.commit()
+
+        assert 'editor' in new_project.roles_for(new_user_owner)
+        assert new_membership.is_active
+        assert new_membership in new_project.active_crew_memberships
+        assert new_membership.record_type == MEMBERSHIP_RECORD_TYPE.DIRECT_ADD
+
+        # only one membership can be active for a user at a time.
+        # so adding a new membership without revoking the previous one
+        # will raise IntegrityError in database.
+        new_membership_without_revoke = ProjectCrewMembership(
+            parent=new_project, user=new_user, is_concierge=True
+        )
+        test_db.session.add(new_membership_without_revoke)
+        with pytest.raises(IntegrityError):
+            test_db.session.commit()
+        test_db.session.rollback()
+
+        # let's revoke previous membership
+        previous_membership2 = (
+            ProjectCrewMembership.query.filter(ProjectCrewMembership.is_active)
+            .filter_by(project=new_project, user=new_user)
+            .first()
+        )
+        previous_membership2.revoke(actor=new_user_owner)
+        test_db.session.commit()
+
+        assert previous_membership2 not in new_project.active_crew_memberships
+
+        assert 'editor' not in new_project.roles_for(new_user)
+        assert 'concierge' not in new_project.roles_for(new_user)
+        assert 'usher' not in new_project.roles_for(new_user)
+
+        # let's add back few more roles
+        new_membership2 = ProjectCrewMembership(
+            parent=new_project, user=new_user, is_concierge=True, is_usher=True
+        )
+        test_db.session.add(new_membership2)
+        test_db.session.commit()
+
+        assert 'editor' not in new_project.roles_for(new_user)
+        assert 'concierge' in new_project.roles_for(new_user)
+        assert 'usher' in new_project.roles_for(new_user)
+
+        # let's try replacing the roles in place
+        new_membership3 = new_membership2.replace(
+            actor=new_user_owner, is_editor=True, is_concierge=False, is_usher=False
+        )
+        test_db.session.commit()
+        assert 'editor' in new_project.roles_for(new_user)
+        assert 'concierge' not in new_project.roles_for(new_user)
+        assert 'usher' not in new_project.roles_for(new_user)
+        assert new_membership3.record_type == MEMBERSHIP_RECORD_TYPE.AMEND
+
+        # replace() can replace a single role as well, rest stays as they were
+        new_membership4 = new_membership3.replace(actor=new_user_owner, is_usher=True)
+        test_db.session.commit()
+        assert 'editor' in new_project.roles_for(new_user)
+        assert 'concierge' not in new_project.roles_for(new_user)
+        assert 'usher' in new_project.roles_for(new_user)
+        # offered_roles should also return all valid roles
+        assert new_membership4.offered_roles() == {'editor', 'usher'}
+        assert new_membership4.record_type == MEMBERSHIP_RECORD_TYPE.AMEND
+
+        # can't replace with an unknown role
+        with pytest.raises(AttributeError):
+            new_membership4.replace(actor=new_user_owner, is_foobar=True)
+
+    def test_lazy_proxy(
+        self,
+        test_client,
+        test_db,
+        new_user,
+        new_user_owner,
+        new_organization,
+        new_project2,
+    ):
+        assert 'admin' in new_organization.profile.roles_for(new_user_owner)
+        assert 'admin' not in new_organization.profile.roles_for(new_user)
+
+        assert 'profile_admin' in new_project2.roles_for(new_user_owner)
+        assert 'profile_admin' not in new_project2.roles_for(new_user)
diff --git a/tests/unit/models/test_profile.py b/tests/unit/models/test_profile.py
index 0fd290e7c..edd558aaf 100644
--- a/tests/unit/models/test_profile.py
+++ b/tests/unit/models/test_profile.py
@@ -5,25 +5,26 @@
 from furl import furl
 import pytest
 
+from funnel.models import Profile
+
 
 class TestProfile(object):
-    def test_profile_urltype_valid(self, test_client, test_db, new_profile):
-        new_profile.logo_url = "https://hasgeek.com"
-        test_db.session.add(new_profile)
+    def test_profile_urltype_valid(self, test_client, test_db, new_organization):
+        profile = Profile.query.filter_by(id=new_organization.profile.id).first()
+        assert profile.name == 'test-org'
+        profile.logo_url = "https://hasgeek.com"
+        test_db.session.add(profile)
         test_db.session.commit()
-        assert isinstance(new_profile.logo_url, furl)
-        assert new_profile.logo_url.url == "https://hasgeek.com"
+        assert isinstance(profile.logo_url, furl)
+        assert profile.logo_url.url == "https://hasgeek.com"
 
-    def test_profile_urltype_invalid(self, test_client, test_db, new_profile):
-        new_profile.logo_url = "noturl"
-        test_db.session.add(new_profile)
+    def test_profile_urltype_invalid(self, test_client, test_db, new_organization):
+        profile = Profile.query.filter_by(id=new_organization.profile.id).first()
+        profile.logo_url = "noturl"
+        test_db.session.add(profile)
         with pytest.raises(StatementError):
             test_db.session.commit()
         test_db.session.rollback()
 
-    def test_reserved_name(self, test_client, test_db, new_profile):
-        new_profile.title = "Proposals"
-        new_profile.make_name()
-        # because `proposals` is in reserved name list, `make_name` will
-        # try to generate a name for it starting with suffixing it with 2.
-        assert new_profile.name == "proposals2"
+    def test_validate_name(self, test_client, test_db, new_organization):
+        assert Profile.validate_name_candidate(new_organization.profile.name) == 'org'
diff --git a/tests/unit/models/test_project.py b/tests/unit/models/test_project.py
index bda46f373..b82e535ba 100644
--- a/tests/unit/models/test_project.py
+++ b/tests/unit/models/test_project.py
@@ -27,12 +27,12 @@ def test_project_cfp_state_conditional(self, test_client, test_db):
         expired_cfp_projects = Project.query.filter(Project.cfp_state.EXPIRED).all()
         assert len(expired_cfp_projects) >= 0
 
-    def test_cfp_state_draft(self, test_client, test_db, new_profile, new_project):
+    def test_cfp_state_draft(self, test_client, test_db, new_organization, new_project):
         assert new_project.cfp_start_at is None
         assert new_project.state.DRAFT
         assert new_project.cfp_state.NONE
         assert not new_project.cfp_state.DRAFT
-        assert new_project in new_profile.draft_projects
+        assert new_project in new_organization.profile.draft_projects
 
         new_project.open_cfp()
         test_db.session.commit()
@@ -40,7 +40,7 @@ def test_cfp_state_draft(self, test_client, test_db, new_profile, new_project):
         assert new_project.cfp_state.PUBLIC
         assert new_project.cfp_start_at is None
         assert new_project.cfp_state.DRAFT
-        assert new_project in new_profile.draft_projects
+        assert new_project in new_organization.profile.draft_projects
 
         new_project.cfp_start_at = utcnow()
         test_db.session.commit()
@@ -48,14 +48,14 @@ def test_cfp_state_draft(self, test_client, test_db, new_profile, new_project):
         assert new_project.cfp_start_at is not None
         assert not new_project.cfp_state.DRAFT
         assert (
-            new_project in new_profile.draft_projects
+            new_project in new_organization.profile.draft_projects
         )  # because project state is still draft
 
         new_project.publish()
         test_db.session.commit()
         assert not new_project.cfp_state.DRAFT
         assert not new_project.state.DRAFT
-        assert new_project not in new_profile.draft_projects
+        assert new_project not in new_organization.profile.draft_projects
 
     def test_project_dates(self, test_client, test_db, new_project):
         # without any session the project will have no start and end dates
diff --git a/tests/unit/models/test_user.py b/tests/unit/models/test_user.py
index e13351095..5569fa666 100644
--- a/tests/unit/models/test_user.py
+++ b/tests/unit/models/test_user.py
@@ -2,10 +2,10 @@
 
 
 class TestUser(object):
-    def test_admin_role(self, test_client, test_db, new_user, new_profile):
+    def test_admin_role(self, test_client, test_db, new_user_owner, new_organization):
         with test_client.session_transaction() as session:
-            session['lastuser_userid'] = new_user.userid
+            session['userid'] = new_user_owner.userid
         with test_client as c:
             rv = c.get('/usertest')
-            assert rv.data.decode('utf-8') == new_user.username
-            assert new_profile.current_roles.admin
+            assert rv.data.decode('utf-8') == new_user_owner.username
+            assert new_organization.profile.current_roles.admin